Lucene search

K
cve[email protected]CVE-2012-0830
HistoryFeb 06, 2012 - 8:55 p.m.

CVE-2012-0830

2012-02-0620:55:00
CWE-399
web.nvd.nist.gov
172
cve-2012-0830
php
remote code execution
array variables
security vulnerability
nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.879 High

EPSS

Percentile

98.6%

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

CPENameOperatorVersion
php:phpphpeq5.3.9

References

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.879 High

EPSS

Percentile

98.6%