Description

The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.

Remediation

References

CVE-2007-1325

Related Vulnerabilities

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Security Bypass (1.3.6.4)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1766)

Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-14064)

Nginx Off-by-one Error Vulnerability (CVE-2021-23017)

OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)

Severity

High

Classification

CVE-2007-1325

Tags

Missing Update Known Vulnerabilities