Description

The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.

Remediation

References

CVE-2007-4887

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45473)

WordPress Plugin Modern Events Calendar Lite Arbitrary File Upload (7.11.0)

Oracle JRE CVE-2018-2663 Vulnerability (CVE-2018-2663)

Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-48896)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)

Severity

Medium

Classification

CVE-2007-4887 CWE-20

Tags

Missing Update Known Vulnerabilities