
CVE-2011-0752

Published: 08 Dec 2010
Source: redhat
CVSS2: 2.6
EPSS: Low

Description

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

Report

We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4, or 5 (php). This issue was addressed in the php53 packages as shipped in Red Hat Enterprise Linux 5 before their first release in Red Hat Enterprise Linux 5.6, and it was addressed in the php package in Red Hat Enterprise Linux 6 via RHBA-2011:0615.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | | |
| Red Hat Enterprise Linux 5 | php53 | Not affected | | |
| Red Hat Enterprise Linux 6 | php | Not affected | | |


Additional information

Status: Low
https://bugzilla.redhat.com/show_bug.cgi?id=674699 php: extract() can overwrite $GLOBALS and $this when using EXTR_OVERWRITE

EPSS: 0.00574 (percentile: 68%), Low

CVSS2: 2.6 Low

Related vulnerabilities

nvd
more than 14 years ago

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.

debian
more than 14 years ago

The extract function in PHP before 5.2.15 does not prevent use of the ...

github
more than 3 years ago

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
