Description

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.

Remediation

References

CVE-2008-0599

Related Vulnerabilities

Squid Uncontrolled Resource Consumption Vulnerability (CVE-2021-28651)

Liferay DXP Other Vulnerability (CVE-2023-33947)

WordPress Plugin FoxyPress Multiple Vulnerabilities (0.4.2.5)

WordPress Plugin Rich Table of Contents Cross-Site Scripting (1.3.7)

WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)

Severity

Critical

Classification

CVE-2008-0599 CWE-131 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities