[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

251139

 
 

909

 
 

196159

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1399Date: (C)2007-03-10   (M)2023-12-22


Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
BID-22883
SECUNIA-24471
SECUNIA-24514
SECUNIA-25938
OSVDB-32782
ADV-2007-0898
DSA-1330
SUSE-SA:2007:020
http://www.php-security.org/MOPB/MOPB-16-2007.html
pecl-url-wrapper-bo(32889)

CPE    2
cpe:/a:php:php:5.2.0
cpe:/a:php:php:5.2.1

© SecPod Technologies