CVE-2007-1375

PHP < 5.2.1 - Memory Read via substr_compare Length Argument

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1375. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit leverages a memory leak vulnerability in PHP 5's substr_compare function to dump memory contents. It manipulates the function's behavior to extract sensitive data from memory by comparing characters and inferring memory values.

Description

Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Esser · phplocalmultiple
https://www.exploit-db.com/exploits/3424

This exploit leverages a memory leak vulnerability in PHP 5's substr_compare function to dump memory contents. It manipulates the function's behavior to extract sensitive data from memory by comparing characters and inferring memory values.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PHP 5
No auth needed
Prerequisites: PHP 5 installation with vulnerable substr_compare function
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/32780
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25056
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1283
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24606
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3424
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22851
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200703-21.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25062
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-455-1
Exploit, Vendor Advisory x_refsource_misc
http://www.php-security.org/MOPB/MOPB-14-2007.html
Release Notes x_refsource_confirm
http://us2.php.net/releases/5_2_2.php
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:187
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26895
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25057
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_32_php.html

Scores

EPSS 0.0816
EPSS Percentile 94.1%

Details

Status published
Products (1)
php/php < 5.2.1
Published Mar 10, 2007
Tracked Since Feb 18, 2026