CVE-2007-1399
CRITICAL
Php < 1.8.4 - Buffer Overflow
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Esser · php · local · linux
https://www.exploit-db.com/exploits/3440
References (10)
Scores
CVSS v3: 9.8
EPSS: 0.3902
EPSS Percentile: 97.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (3)
php/php: 5.2.0
php/php: 5.2.1
pierrejoye/php_zip: < 1.8.4
Published: Mar 10, 2007
Tracked Since: Feb 18, 2026