CVE-2007-3806

PHP 5.2.3 - Denial of Service via Invalid Glob Flags Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3806. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit demonstrates a Denial of Service (DoS) vulnerability in PHP 5.2.3's glob() function by passing a non-integer value to the flags parameter, causing an EIP overwrite. The PoC shows how a specially crafted filename can overwrite the EIP register, potentially leading to arbitrary code execution.

Description

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · phpdosmultiple
https://www.exploit-db.com/exploits/4181

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: PHP 5.2.3
No auth needed
Prerequisites: PHP 5.2.3 installed on the target system
devstral-2 · analyzed Feb 16, 2026

References (18)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30288
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36085
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2547
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35437
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/4181
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1572
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.2.4
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30158
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26085
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2008/dsa-1578
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27102
Release Notes x_refsource_confirm
http://www.php.net/releases/5_2_4.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24922
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25498
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26642

Scores

EPSS: 0.1074
EPSS Percentile: 95.3%

Details

CWE: CWE-20, CWE-399
Status: published
Products (1): php/php 5.2.3
Published: Jul 17, 2007
Tracked Since: Feb 18, 2026