Fluid Attacks Database

Description

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	php	<0:5.1.6-27.el5_7.5	0:5.1.6-27.el5_7.5
rpm rhel6	php	<0:5.3.3-3.el6_2.6	0:5.3.3-3.el6_2.6
rpm rhel5	php53	<0:5.3.3-1.el5_7.6	0:5.3.3-1.el5_7.6

Aliases

1. CVE-2012-08302. NVD-2012-08303. OSV-2012-0830

References

1. https://www.exploit-db.com/exploits/18460

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.