Description

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.

Remediation

References

CVE-2007-1285

Related Vulnerabilities

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8419)

WordPress Plugin Responsive Products Showcase Listing for WordPress-WP Product Gallery Lite includes Backdoor [Only if downloaded via the vendor website] (1.1.1)

WordPress Plugin WP Custom Pages 'url' Parameter Local File Disclosure (0.5.0.1)

WordPress Plugin TRADIES Information Disclosure (2.2.6)

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7140)

Severity

Medium

Classification

CVE-2007-1285 CWE-119

Tags

Missing Update Known Vulnerabilities