CVE-2007-1583 in PHPinfo

Summary

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

03/21/2007

Disclosure

03/21/2007

Moderation

VulDB entry created

Entries

VDB-35764 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.23563

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-1583
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-1583
CVE Details	https://www.cvedetails.com/cve/CVE-2007-1583/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!