CVE-2007-1583

2007-03-21T19:19:00
ID CVE-2007-1583
Type cve
Reporter NVD
Modified 2018-10-16T12:39:26

Description

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.