PHP is prone to an arbitrary-code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected webserver. This issue affects PHP 4 versions prior to 4.4.5 and PHP 5 versions prior to 5.2.1.

Please see the references for more information.

• http://www.php-security.org/MOPB/MOPB-31-2007.html
• http://www.php.net
• http://www.securityfocus.com/bid/23119
• http://www.securityfocus.com/bid/23120
• http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01056506

---

Updated on 2015-03-25