PHP Zend_Hash_Del_Key_Or_Index vulnerability

PHP Zend_Hash_Del_Key_Or_Index vulnerability

Published on 2006-08-07. Updated on 2007-03-20.

Description:

Stefan Esser had discovered a weakness within the depths of the implementation of hashtables in the Zend Engine. This vulnerability affects a large number of PHP applications. It creates large new holes in many popular PHP applications. Additonally many old holes that were disclosed in the past were only fixed by using the unset() statement. Many of these holes are still open if the already existing exploits are changed by adding the correct numerical keys to survive the unset(). For a detailed explanation of the vulnerability read the referenced article.

Affected PHP versions (up to 4.4.2/5.1.3).

Impact:
Possible code execution, SQL injection, ...

Recommendation:
Upgrade PHP to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : PHP
ApplicableOS: All
ApplicableWebServer: All

References:

Zend_Hash_Del_Key_Or_Index Vulnerability

PHP Homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking