Описание
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | 5.2.6-1ubuntu1 |
| feisty | not-affected | |
| gutsy | released | 5.2.3-1ubuntu6.4 |
| hardy | released | 5.2.4-2ubuntu5.3 |
| upstream | released | 5.2.6 |
Показывать по
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5. ...
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
10 Critical
CVSS2
9.8 Critical
CVSS3