Description

The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

Remediation

References

CVE-2007-5424

Related Vulnerabilities

Oracle Database Server CVE-2011-0877 Vulnerability (CVE-2011-0877)

WordPress Plugin WP-Polls Cross-Site Scripting (2.60)

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Vulnerabilities (1.3.6)

WebLogic CVE-2020-2552 Vulnerability (CVE-2020-2552)

PHP Improper Input Validation Vulnerability (CVE-2016-10712)

Severity

High

Classification

CVE-2007-5424

Tags

Missing Update Known Vulnerabilities