Description

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Remediation

References

CVE-2007-5900

Related Vulnerabilities

Tornado Improper Input Validation Vulnerability (CVE-2012-2374)

WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)

Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

Ruby Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-10933)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9665)

Severity

Medium

Classification

CVE-2007-5900 CWE-264

Tags

Missing Update Known Vulnerabilities