Description

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

Remediation

References

CVE-2007-4659

Related Vulnerabilities

WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996)

Jetty Integer Overflow or Wraparound Vulnerability (CVE-2017-7657)

WordPress Plugin WP-Stats 'author' Parameter SQL Injection (2.0)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2080)

WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5)

Severity

High

Classification

CVE-2007-4659

Tags

Missing Update Known Vulnerabilities