Description

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

Remediation

References

CVE-2007-1887

Related Vulnerabilities

Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2019-20406)

WordPress Plugin Social Login Lite For WooCommerce Security Bypass (1.6.0)

WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0)

WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)

Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)

Severity

High

Classification

CVE-2007-1887

Tags

Missing Update Known Vulnerabilities