Description
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Remediation
References