CVE-2004-0594
PHP 4.x-5.0.0RC3 - RCE
Title source: llmDescription
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gyan Chawdhary · cremotelinux
https://www.exploit-db.com/exploits/660
References (19)
Scores
EPSS
0.7773
EPSS Percentile
99.0%
Details
CWE
CWE-367
Status
published
Products (13)
avaya/converged_communications_server
2.0
debian/debian_linux
3.0
hp/hp-ux
b.11.00
hp/hp-ux
b.11.11
hp/hp-ux
b.11.22
hp/hp-ux
b.11.23
openpkg/openpkg
2.0
openpkg/openpkg
2.1
php/php
5.0.0 beta1 (6 CPE variants)
php/php
4.0 - 4.3.7
... and 3 more
Published
Jul 27, 2004
Tracked Since
Feb 18, 2026