CVE-2007-1285
HIGHPHP 4.x < 4.4.7 and 5.x < 5.2.2 - Denial of Service via Deeply Nested Arrays
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1285. PoCs published by Stefan Esser.
AI-analyzed exploit summary This exploit leverages a PHP denial-of-service vulnerability by crafting a malicious POST request with a large number of nested arrays, causing PHP to crash due to improper input sanitization.
Description
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.
Exploits (1)
This exploit leverages a PHP denial-of-service vulnerability by crafting a malicious POST request with a large number of nested arrays, causing PHP to crash due to improper input sanitization.
References (38)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H