CVE-2008-7068
PHP 5.2.6 and 4.x - Denial of Service via dba_replace NULL Byte Key
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key containing a NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
References (7)
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498982/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47316
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/52206
Exploit third-party-advisory
x_refsource_sreasonres
http://securityreason.com/achievement_securityalert/58
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498746/100/0/threaded
Vendor Advisory x_refsource_confirm
http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/498981/100/0/threaded
Scores
EPSS: 0.0041
EPSS Percentile: 61.4%
Details
CWE: CWE-20
Status: published
Products (35)
php/php 4.0 (8 CPE variants)
php/php 4.0.0
php/php 4.0.1 (3 CPE variants)
php/php 4.0.2
php/php 4.0.3 (2 CPE variants)
php/php 4.0.4 (2 CPE variants)
php/php 4.0.5
php/php 4.0.6
php/php 4.0.7 (5 CPE variants)
php/php 4.1.0
... and 25 more
Published: Aug 25, 2009
Tracked Since: Feb 18, 2026