PHP4 Ovrimos Extension Code Execution Vulnerability Network Vulnerability

Summary

PHP4 is prone to a code-execution vulnerability due to a design error in a vulnerable extension. For this vulnerability to occur, the non-maintained 'Ovrimos SQL Server Extension' must have been compiled into the targetted PHP implementation. Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits would likely crash PHP. PHP versions prior to 4.4.5 with a compiled 'Ovrimos SQL Server Extension' are vulnerable to this issue.

References

http://www.php-security.org/MOPB/MOPB-13-2007.html
http://www.php.net
http://www.securityfocus.com/bid/22833

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-1378, CVE-2007-1379

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability

Take action and discover your vulnerabilities