Description

Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off by one overflow."

Remediation

References

CVE-2007-1886

Related Vulnerabilities

WordPress Plugin Translate WordPress with GTranslate Open Redirect (2.8.10)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6387)

WordPress Plugin P3 (Plugin Performance Profiler) Cross-Site Scripting (1.5.3.8)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7833)

Microsoft SQL Server Other Vulnerability (CVE-2000-1085)

Severity

Medium

Classification

CVE-2007-1886

Tags

Missing Update Known Vulnerabilities