Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2007-4782 - Vulnerability Database
PHP

PHP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2007-4782

Medium
Reference: CVE-2007-4782
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-4782
Title: PHP Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function or (2) a long string in the string parameter to the fnmatch function accompanied by a pattern parameter value with undefined characteristics as demonstrated by a quot1equot value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads unless these issues can be demonstrated for code execution.