CVE-2007-4255

PHP 5.2.3 - Buffer Overflow via msql_connect Function

Title source: manual

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4255. PoCs published by Inphex, NetJackal.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the mSQL extension for PHP. It uses a long string of 'A' characters followed by a return address and shellcode to achieve remote code execution on Windows XP.

Description

Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Inphex · phplocalwindows

https://www.exploit-db.com/exploits/4270

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the mSQL extension for PHP. It uses a long string of 'A' characters followed by a return address and shellcode to achieve remote code execution on Windows XP.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP mSQL extension

No auth needed

Prerequisites: PHP with mSQL extension enabled · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by NetJackal · phpdosmultiple

https://www.exploit-db.com/exploits/4260

View Code ZIP pw:eip

This is a proof-of-concept exploit for a buffer overflow vulnerability in the PHP mSQL extension. It triggers the overflow by passing an overly long string to the msql_connect function, overwriting the EIP register with 'BBBB' (0x42424242).

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: PHP mSQL extension (tested on PHP 5.2.3)

No auth needed

Prerequisites: PHP with mSQL extension enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4260

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/475660/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25213

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/35830

Scores

EPSS 0.0933

EPSS Percentile 94.7%

Details

Status published

Products (1)

php/php 5.2.3

Published Aug 08, 2007

Tracked Since Feb 18, 2026