U-097: PHP "php_register_variable_ex()" Code Execution Vulnerability

February 7, 2012 - 9:00am

PROBLEM:

PHP "php_register_variable_ex()" Code Execution Vulnerability

PLATFORM:

PHP 5.3.x

ABSTRACT:

Execution of arbitrary code via network as well as user access via network

REFERENCE LINKS:

PHP Security Archive
SecurityTracker Alert ID: 1026631
Secunia Advisory SA47806
CVE-2012-0830

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.

Impact:

A remote user can send specially crafted data to trigger a memory error in php_register_variable_ex() and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Solution:

The vendor has issued a fix (5.3.10).
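
A version triage a defender could run over collected `php -v` lines or `X-Powered-By` banners, using the affected branch and fixed release stated in this bulletin. This is an added example, not part of the original bulletin: the function names, status labels and sample inventory are constructed, and distribution builds are flagged for manual review because a package can carry a backported fix under an older upstream version number.

```python
import re

AFFECTED_BRANCH = (5, 3)     # "PLATFORM: PHP 5.3.x" in the bulletin
FIXED_RELEASE = (5, 3, 10)   # "The vendor has issued a fix (5.3.10)"

# Matches `php -v` output ("PHP 5.3.9 (cli) ...") and HTTP banners ("PHP/5.3.9").
_PHP_VERSION = re.compile(r"PHP[/ ](\d+)\.(\d+)\.(\d+)(\S*)")


def classify(banner):
    """Return a triage status for one version line or banner."""
    m = _PHP_VERSION.search(banner)
    if m is None:
        return "unknown"            # no PHP version visible in this line
    version = tuple(int(part) for part in m.group(1, 2, 3))
    suffix = m.group(4)
    if version[:2] != AFFECTED_BRANCH:
        return "not-listed"         # branch is not named in the bulletin
    if version >= FIXED_RELEASE:
        return "fixed"
    # Distribution builds (e.g. "5.3.3-7+squeeze7") can carry backported
    # fixes under an old upstream number; confirm with the vendor's advisory.
    if suffix.startswith("-"):
        return "check-backport"
    return "affected"


def triage(inventory):
    """Map each host in {host: banner} to its triage status."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hostnames and banners are illustrative).
SAMPLE_INVENTORY = {
    "web01": "PHP 5.3.9 (cli) (built: Jan 11 2012 10:00:00)",
    "web02": "X-Powered-By: PHP/5.3.10",
    "web03": "PHP 5.3.3-7+squeeze7 with Suhosin-Patch (cli)",
    "web04": "PHP 5.4.0 (cli) (built: Mar  2 2012 09:00:00)",
    "web05": "Server: nginx/1.0.11",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {status}")
```

Hosts reported as `affected` are the upgrade priority; `check-backport` and `unknown` need a manual look rather than a version comparison.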