Description

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Remediation

References

CVE-2012-0830

Related Vulnerabilities

Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21654)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5540)

Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)

WordPress Plugin Forminator-Contact Form, Payment Form & Custom Form Builder Cross-Site Request Forgery (1.13.4)

WordPress Plugin ACF:Better Search SQL Injection (2.0.2)

Severity

High

Classification

CVE-2012-0830

Tags

Missing Update Known Vulnerabilities