Summary
PHP4 is prone to a code-execution vulnerability due to a design error in a vulnerable extension.
For this vulnerability to occur, the non-maintained 'Ovrimos SQL Server Extension' must have been compiled into the targetted PHP implementation.
Successful exploits may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploits would likely crash PHP.
PHP versions prior to 4.4.5 with a compiled 'Ovrimos SQL Server Extension' are vulnerable to this issue.
References
Severity
Classification
-
CVE CVE-2007-1378, CVE-2007-1379 -
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability