Description
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
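The class of bug described above, as an added illustration (this is not PHP's source code; the function names, variable names and sample paths are hypothetical): in C, `+` binds tighter than `?:`, so an unparenthesised conditional inside a length sum drops a term and yields an undersized length. The hardened join beside it computes the full length and checks it before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy: '+' binds tighter than '?:', so the expression parses as
 * (root_len + (info != NULL)) ? info_len : 0, and root_len is lost. */
size_t joined_len_buggy(size_t root_len, const char *info)
{
    size_t info_len = info ? strlen(info) : 0;
    return root_len + (info != NULL) ? info_len : 0;
}

/* Fixed: parentheses make the conditional a single operand of the sum. */
size_t joined_len_fixed(size_t root_len, const char *info)
{
    return root_len + (info ? strlen(info) : 0);
}

/* Hardened join: full length, overflow check, bounded copies.
 * Returns a heap string the caller must free, or NULL on error. */
char *join_path(const char *root, const char *info)
{
    size_t root_len = strlen(root);
    size_t info_len = info ? strlen(info) : 0;
    if (info_len > SIZE_MAX - root_len - 1)
        return NULL;                       /* sum would wrap around */
    char *out = malloc(root_len + info_len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, root, root_len);
    if (info_len)
        memcpy(out + root_len, info, info_len);
    out[root_len + info_len] = '\0';
    return out;
}

int main(void)
{
    const char *root = "/var/www/site";    /* constructed sample input */
    const char *info = "/extra";           /* constructed sample input */
    char *joined = join_path(root, info);
    printf("buggy=%zu fixed=%zu\n",
           joined_len_buggy(strlen(root), info),
           joined_len_fixed(strlen(root), info));
    printf("joined=%s\n", joined ? joined : "(alloc failed)");
    free(joined);
    return 0;
}
```

A buffer sized from the buggy length would be too small for the bytes later copied into it; compiler warnings such as `-Wparentheses` flag this pattern at build time.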
Remediation
References