Description
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.
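The arithmetic described above, shown next to a checked form. This is an added example, not PHP's source code: the function names and the `MAX_ENTRY_LEN` cap are hypothetical, `malloc` stands in for `emalloc`, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRY_LEN (64u * 1024u * 1024u) /* assumed policy cap, not from PHP */

/* Flawed pattern: 32-bit length + 1 wraps to 0 for 0xffffffff. */
uint32_t alloc_size_unchecked(uint32_t entry_len)
{
    return (uint32_t)(entry_len + 1u);
}

/* Hardened: validate the untrusted length before doing arithmetic on it.
 * Returns 0 and sets *out on success, -1 if the length is rejected. */
int alloc_size_checked(uint32_t entry_len, size_t *out)
{
    if (entry_len > MAX_ENTRY_LEN)      /* also rejects 0xffffffff */
        return -1;
    *out = (size_t)entry_len + 1u;      /* cannot wrap after the cap check */
    return 0;
}

/* Copy entry_len declared bytes from src (src_len really present); NULL on any mismatch. */
char *read_entry_checked(const unsigned char *src, size_t src_len, uint32_t entry_len)
{
    size_t need;
    char *buf;
    if (alloc_size_checked(entry_len, &need) != 0 || entry_len > src_len)
        return NULL;                    /* out of policy or exceeds real data */
    buf = malloc(need);                 /* malloc stands in for emalloc */
    if (buf == NULL)
        return NULL;
    memcpy(buf, src, entry_len);
    buf[entry_len] = '\0';              /* the extra byte the +1 reserves */
    return buf;
}

int main(void)
{
    const unsigned char data[] = "hello";   /* constructed sample entry */
    char *ok = read_entry_checked(data, 5, 5);
    char *bad = read_entry_checked(data, 5, 0xffffffffu);
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0xffffffffu));
    printf("checked, len 5: %s\n", ok ? ok : "(rejected)");
    printf("checked, len 0xffffffff: %s\n", bad ? "accepted" : "rejected");
    free(ok);
    return 0;
}
```

The unchecked size for a declared length of 0xffffffff is 0, so the allocation is smaller than the data later written into it; the checked path rejects that length before any allocation happens.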