mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 07:12:47 +00:00
984 B
984 B
CVE-2012-0830
Description
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
POC
Reference
- http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
- http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
- https://gist.github.com/1725489