WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2012-0788)

Description

The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2008-0339 Vulnerability (CVE-2008-0339)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)

WordPress Plugin Car Rental System SQL Injection (3.0)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4288)

IBMHttpServer Other Vulnerability (CVE-2006-3918)

Severity

Medium

Classification

CVE-2012-0788 CWE-20

Tags

Missing Update Known Vulnerabilities