CVE-2002-0953 in PGP Addressinfo

Summary

by MITRE

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 09/10/2025

The vulnerability identified as CVE-2002-0953 represents a critical remote code execution flaw in PHP Address versions prior to 0.2f. This vulnerability specifically exploits the insecure handling of user-supplied input through the LangCookie parameter within the globals.php script. The flaw becomes particularly dangerous when both allow_url_fopen and register_globals PHP configuration directives are enabled, creating a dangerous combination that allows attackers to inject malicious code through web requests. The vulnerability falls under the category of insecure input handling and improper validation of user-supplied data, which aligns with CWE-20 - Improper Input Validation and CWE-94 - Improper Control of Generation of Code. The attack vector leverages the ability of PHP to include remote files when allow_url_fopen is enabled, combined with the dangerous practice of register_globals which automatically creates variables from request data.

The technical exploitation of this vulnerability occurs when an attacker crafts a malicious URL containing PHP code within the LangCookie parameter. When the vulnerable PHP Address application processes this parameter, it passes the user-supplied input directly to PHP's include or require functions without proper sanitization or validation. The register_globals directive causes the LangCookie parameter to be automatically registered as a global variable, while allow_url_fopen permits PHP to fetch content from remote URLs. This combination allows attackers to execute arbitrary PHP code on the target server, effectively granting them complete control over the web application and potentially the underlying server. The vulnerability demonstrates a classic case of code injection where attacker-controlled data flows directly into executable code paths, violating fundamental security principles of input sanitization and output encoding.

The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with the ability to perform a wide range of malicious activities including data theft, system compromise, and further network penetration. Attackers can leverage this vulnerability to establish persistent backdoors, exfiltrate sensitive information, or use the compromised server as a launch point for attacking other systems within the network. The vulnerability also has implications for compliance with security standards such as those outlined in the OWASP Top Ten, specifically addressing injection flaws and insecure configurations. Organizations running vulnerable versions of PHP Address face significant risk of unauthorized access, data breaches, and potential system compromise, particularly in environments where the dangerous PHP configuration settings are enabled. The vulnerability's impact is amplified in shared hosting environments or when multiple applications share the same server resources.

Mitigation strategies for CVE-2002-0953 require immediate action to address both the software vulnerability and the dangerous PHP configuration settings. The primary remediation involves upgrading to PHP Address version 0.2f or later, which contains proper input validation and sanitization for the LangCookie parameter. Additionally, administrators must disable the allow_url_fopen and register_globals PHP directives in the php.ini configuration file, as these settings create dangerous conditions that enable the exploitation. The principle of least privilege should be applied by ensuring that web applications run with minimal required permissions and that input validation is implemented at multiple layers of the application architecture. Security hardening practices should include implementing proper input sanitization, output encoding, and using secure coding practices that prevent user-supplied data from being directly executed as code. Organizations should also consider implementing web application firewalls and monitoring systems to detect and prevent exploitation attempts, while following the ATT&CK framework's guidance on preventing code injection attacks and securing web applications against remote execution vulnerabilities.

Disclosure

10/04/2002

Moderation

accepted

Entry

VDB-18889

CPE

ready

Exploit

Download

EPSS

0.03777

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!