CVE-2008-0599

2008-05-05T17:20:00
ID CVE-2008-0599
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T22:01:00

Description

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.