WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2008-7068)

Description

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Remediation

References

Related Vulnerabilities

WordPress Plugin Theme Blvd Widget Areas Multiple Security Bypass Vulnerabilities (1.2.2)

WordPress Plugin 10Web Map Builder for Google Maps Cross-Site Scripting (1.0.69)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31548)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-30545)

WordPress Plugin Catch Themes Demo Import Unspecified Vulnerability (1.8)

Severity

Medium

Classification

CVE-2008-7068 CWE-20

Tags

Missing Update Known Vulnerabilities