Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2008-7068)

Description

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Remediation

References

Related Vulnerabilities

Oracle Database Server CVE-2011-0875 Vulnerability (CVE-2011-0875)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.12)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.29)

WordPress Plugin AzonPost Cross-Site Scripting (1.3)

MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40598)

Severity

Medium

Classification

CVE-2008-7068 CWE-20

Tags

Missing Update Known Vulnerabilities