CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.8%
The php_register_variable_ex function in php_variables.c in PHP 5.3.9
allows remote attackers to execute arbitrary code via a request containing
a large number of variables, related to improper handling of array
variables. NOTE: this vulnerability exists because of an incorrect fix for
CVE-2011-4885.
Author | Note |
---|---|
tyhicks | Introduced by the fix for CVE-2011-4885 |