Description
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
Remediation
References
Related Vulnerabilities
WordPress Plugin wpShopGermany Free Arbitrary File Upload (4.0.10)
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)
WordPress Plugin OdiHost Newsletter 'openstat.php' SQL Injection (1.0)
Oracle Database Server CVE-2014-6452 Vulnerability (CVE-2014-6452)