php -- corruption of $GLOBALS and $this variables via extract() method

2010-12-10T00:00:00
ID F3148A05-0FA7-11E0-BECC-0022156E8794
Type freebsd
Reporter FreeBSD
Modified 2010-12-10T00:00:00

Description

Off-by-one error in the sanity validator for the extract() method allowed attackers to replace the values of $GLOBALS and $this when mode EXTR_OVERWRITE was used.