Metric | Value |
---|---|
AI Score | 8.2 High (Confidence: High) |
CVSS2 | 7.2 High |
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.042 Low (Percentile: 92.1%) |

A flaw was discovered in the FTP command handler in PHP. Commands were
not correctly filtered for control characters. An attacker could issue
arbitrary FTP commands using specially crafted arguments. (CVE-2007-2509)

Ilia Alshanetsky discovered a buffer overflow in the SOAP request handler
in PHP. Remote attackers could send a specially crafted SOAP request
and execute arbitrary code with web server privileges. (CVE-2007-2510)

Ilia Alshanetsky discovered a buffer overflow in the user filter factory
in PHP. A local attacker could create a specially crafted script and
execute arbitrary code with web server privileges. (CVE-2007-2511)

Gregory Beaver discovered that the PEAR installer did not validate
installation paths. If a user were tricked into installing a malicious
PEAR package, an attacker could overwrite arbitrary files. (CVE-2007-2519)

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 7.04 | noarch | php5-cli | < 5.2.1-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | php-pear | < 5.2.1-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | libapache2-mod-php5 | < 5.2.1-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | php5-cgi | < 5.2.1-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.04 | noarch | php5-xmlrpc | < 5.2.1-0ubuntu1.2 | UNKNOWN |
Ubuntu | 6.10 | noarch | php5-cli | < 5.1.6-1ubuntu2.5 | UNKNOWN |
Ubuntu | 6.10 | noarch | php-pear | < 5.1.6-1ubuntu2.5 | UNKNOWN |
Ubuntu | 6.10 | noarch | libapache2-mod-php5 | < 5.1.6-1ubuntu2.5 | UNKNOWN |
Ubuntu | 6.10 | noarch | php5-cgi | < 5.1.6-1ubuntu2.5 | UNKNOWN |
Ubuntu | 6.10 | noarch | php5-xmlrpc | < 5.1.6-1ubuntu2.5 | UNKNOWN |