CVE-2007-1484
PHP <4.4.6 & <5.2.1 - Code Injection
Title source: llmDescription
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operation after array_user_key_compare has been called.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Stefan Esser · phplocallinux
https://www.exploit-db.com/exploits/3499
References (16)
Scores
EPSS
0.0018
EPSS Percentile
39.2%
Details
Status
published
Products (1)
php/php
< 4.4.6
Published
Mar 16, 2007
Tracked Since
Feb 18, 2026