Arbitrary Code Execution

2020-04-1001:03:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

php is vulnerable to arbitrary code execution. The vulnerability exists as a use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.

CPENameOperatorVersion
phpeq5.1.6__11.el5
phpeq5.1.6__7.el5
phpeq5.1.6__20.el5_2.1
phpeq5.3.2__6.el6_0.1
phpeq5.1.6__12.el5
phpeq5.1.6__20.el5
phpeq5.3.2__6.el6
phpeq5.1.6__23.2.el5_3
phpeq5.1.6__24.el5_4.5
phpeq5.1.6__15.el5

Name	Operator	Version
php	eq	5.1.6__11.el5
php	eq	5.1.6__7.el5
php	eq	5.1.6__20.el5_2.1
php	eq	5.3.2__6.el6_0.1
php	eq	5.1.6__12.el5
php	eq	5.1.6__20.el5
php	eq	5.3.2__6.el6
php	eq	5.1.6__23.2.el5_3
php	eq	5.1.6__24.el5_4.5
php	eq	5.1.6__15.el5