Design/Logic Flaw

2007-03-2123:19:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.3%

JSON

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.

CPENameOperatorVersion
phpeq4.3.9
phpeq4.0 beta1
phpeq5.1.5
phpeq5.1.2
phpeq4.0 beta4
phpeq4.2.0
phpeq5.1.1
phpeq4.4.4
phpeq5.0.0 beta1
phpeq4.1.0

Name	Operator	Version
php	eq	4.3.9
php	eq	4.0 beta1
php	eq	5.1.5
php	eq	5.1.2
php	eq	4.0 beta4
php	eq	4.2.0
php	eq	5.1.1
php	eq	4.4.4
php	eq	5.0.0 beta1
php	eq	4.1.0

Rows per page:

1-10 of 751

References

secunia.com/advisories/24542

www.php-security.org/MOPB/MOPB-27-2007.html

www.securityfocus.com/bid/23046

www.exploit-db.com/exploits/3525