Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2008-0599

Опубликовано: 05 мая 2008
Источник: debian

Описание

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php5fixed5.2.6-1package
php5not-affectedetchpackage
php4not-affectedetchpackage

Связанные уязвимости

CVSS3: 9.8
ubuntu
около 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

redhat
около 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS3: 9.8
nvd
около 17 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

CVSS3: 9.8
github
около 3 лет назад

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.