CVEs-PoC/2012/CVE-2012-0830.md

### [CVE-2012-0830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

### POC

#### Reference
- http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
- http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
- https://gist.github.com/1725489

#### Github
No PoCs found on GitHub currently.