Description

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Remediation

References

CVE-2007-5900

Related Vulnerabilities

Moodle Improper Input Validation Vulnerability (CVE-2012-0801)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4519)

Django Use of Hard-coded Credentials Vulnerability (CVE-2016-9013)

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)

SharePoint Improper Input Validation Vulnerability (CVE-2019-0957)

Severity

Medium

Classification

CVE-2007-5900 CWE-264

Tags

Missing Update Known Vulnerabilities