CVE-2007-1649

PHP 5.2.1 - Info Disclosure

Title source: llm

Description

PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stefan Esser · phplocalmultiple

https://www.exploit-db.com/exploits/3559

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:126

[Exploit] http://www.php-security.org/MOPB/MOPB-29-2007.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23105

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33170

[Release Notes] http://us2.php.net/releases/5_2_2.php

[Third Party Advisory] http://secunia.com/advisories/24630

Scores

EPSS 0.0679

EPSS Percentile 91.4%

Details

Status published

Products (1)

php/php 5.2.1

Published Mar 24, 2007

Tracked Since Feb 18, 2026