Description

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Remediation

References

CVE-2007-5900

Related Vulnerabilities

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Unspecified Vulnerability (2.6.21)

WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)

Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2022-35957)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31554)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.38)

Severity

Medium

Classification

CVE-2007-5900 CWE-264

Tags

Missing Update Known Vulnerabilities