Description
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
Remediation
References
Related Vulnerabilities
MySQL 7PK - Security Features Vulnerability (CVE-2016-2047)
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5)
MySQL CVE-2012-0120 Vulnerability (CVE-2012-0120)
WordPress Plugin Network Publisher 'networkpub_key' Parameter Cross-Site Scripting (5.0.1)
WordPress Plugin WP Google Maps Unspecified Vulnerability (6.2.1)