Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-3017

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jun, 2006 | 23:00
Updated At-07 Aug, 2024 | 18:16
Rejected At-
Credits

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jun, 2006 | 23:00
Updated At:07 Aug, 2024 | 18:16
Rejected At:
▼CVE Numbering Authority (CNA)

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/21723
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-683
x_refsource_CONFIRM
http://secunia.com/advisories/21252
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/21202
third-party-advisory
x_refsource_SECUNIA
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
x_refsource_CONFIRM
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
vendor-advisory
x_refsource_TURBO
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
x_refsource_CONFIRM
http://www.debian.org/security/2006/dsa-1206
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/21050
third-party-advisory
x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_31_php.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/archive/1/442437/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.osvdb.org/26466
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/22713
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0568.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/21135
third-party-advisory
x_refsource_SECUNIA
http://www.php.net/release_5_1_3.php
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/447866/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securitytracker.com/id?1016649
vdb-entry
x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2006-0549.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/22225
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/21125
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/19927
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/25255
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
vdb-entry
x_refsource_XF
http://securitytracker.com/id?1016306
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/21031
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0567.html
vendor-advisory
x_refsource_REDHAT
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
vendor-advisory
x_refsource_SGI
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
vdb-entry
signature
x_refsource_OVAL
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
x_refsource_MISC
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
x_refsource_CONFIRM
https://usn.ubuntu.com/320-1/
vendor-advisory
x_refsource_UBUNTU
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
mailing-list
x_refsource_FULLDISC
http://www.novell.com/linux/security/advisories/2006_34_php4.html
vendor-advisory
x_refsource_SUSE
http://www.securityfocus.com/bid/17843
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/21723
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://issues.rpath.com/browse/RPL-683
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/21252
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/21202
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
Resource:
vendor-advisory
x_refsource_TURBO
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2006/dsa-1206
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/21050
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.novell.com/linux/security/advisories/2006_31_php.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/archive/1/442437/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.osvdb.org/26466
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/22713
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0568.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/21135
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.php.net/release_5_1_3.php
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/447866/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securitytracker.com/id?1016649
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0549.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/22225
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/21125
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/19927
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/25255
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://securitytracker.com/id?1016306
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/21031
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0567.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
Resource:
x_refsource_MISC
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
Resource:
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/320-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.novell.com/linux/security/advisories/2006_34_php4.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securityfocus.com/bid/17843
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/21723
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://issues.rpath.com/browse/RPL-683
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/21252
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/21202
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
x_refsource_CONFIRM
x_transferred
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
vendor-advisory
x_refsource_TURBO
x_transferred
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2006/dsa-1206
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/21050
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.novell.com/linux/security/advisories/2006_31_php.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/archive/1/442437/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.osvdb.org/26466
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/22713
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0568.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/21135
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.php.net/release_5_1_3.php
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/447866/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securitytracker.com/id?1016649
vdb-entry
x_refsource_SECTRACK
x_transferred
http://rhn.redhat.com/errata/RHSA-2006-0549.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/22225
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/21125
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/19927
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/25255
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
vdb-entry
x_refsource_XF
x_transferred
http://securitytracker.com/id?1016306
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/21031
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2006-0567.html
vendor-advisory
x_refsource_REDHAT
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
vendor-advisory
x_refsource_SGI
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
x_refsource_MISC
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
x_refsource_CONFIRM
x_transferred
https://usn.ubuntu.com/320-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.novell.com/linux/security/advisories/2006_34_php4.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securityfocus.com/bid/17843
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/21723
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://issues.rpath.com/browse/RPL-683
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/21252
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/21202
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
Resource:
vendor-advisory
x_refsource_TURBO
x_transferred
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2006/dsa-1206
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/21050
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_31_php.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/442437/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.osvdb.org/26466
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/22713
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0568.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/21135
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.php.net/release_5_1_3.php
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/447866/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securitytracker.com/id?1016649
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0549.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/22225
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/21125
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/19927
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/25255
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://securitytracker.com/id?1016306
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/21031
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0567.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/320-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2006_34_php4.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/17843
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jun, 2006 | 23:02
Updated At:03 Apr, 2025 | 01:03

zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
The PHP Group
php
>>php>>Versions up to 4.4.2(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0
cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.1
cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.2
cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.3
cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.4
cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.5
cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.6
cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.7
cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.8
cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.9
cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.10
cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.11
cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.12
cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.13
cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.14
cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.15
cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.16
cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.17
cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
The PHP Group
php
>>php>>3.0.18
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:rc1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0
cpe:2.3:a:php:php:4.0:rc2:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.0
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.1
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.1
cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.1
cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.2
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.3
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.3
cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.4
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.4
cpe:2.3:a:php:php:4.0.4:patch1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.5
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.6
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.7
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.7
cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.7
cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*
The PHP Group
php
>>php>>4.0.7
cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*
The PHP Group
php
>>php>>4.1.0
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.1.1
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.1.2
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.2
cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*
The PHP Group
php
>>php>>4.2.0
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.2.1
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>4.2.2
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Ucve@mitre.org
N/A
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.htmlcve@mitre.org
N/A
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2cve@mitre.org
N/A
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=logcve@mitre.org
N/A
http://rhn.redhat.com/errata/RHSA-2006-0549.htmlcve@mitre.org
N/A
http://secunia.com/advisories/19927cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21031cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21050cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21125cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21135cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21202cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21252cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/21723cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/22225cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/22713cve@mitre.org
Vendor Advisory
http://securitytracker.com/id?1016306cve@mitre.org
N/A
http://securitytracker.com/id?1016649cve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htmcve@mitre.org
N/A
http://www.debian.org/security/2006/dsa-1206cve@mitre.org
N/A
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.htmlcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122cve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2006_31_php.htmlcve@mitre.org
N/A
http://www.novell.com/linux/security/advisories/2006_34_php4.htmlcve@mitre.org
N/A
http://www.osvdb.org/25255cve@mitre.org
N/A
http://www.osvdb.org/26466cve@mitre.org
N/A
http://www.php.net/release_5_1_3.phpcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2006-0567.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2006-0568.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/442437/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/447866/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/17843cve@mitre.org
N/A
http://www.turbolinux.com/security/2006/TLSA-2006-38.txtcve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396cve@mitre.org
N/A
https://issues.rpath.com/browse/RPL-683cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118cve@mitre.org
N/A
https://usn.ubuntu.com/320-1/cve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20060701-01-Uaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2af854a3a-2127-422b-91ae-364da2661108
N/A
http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=logaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2006-0549.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19927af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21031af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21050af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21125af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21135af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21202af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21252af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/21723af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/22225af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/22713af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1016306af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1016649af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2006-175.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2006/dsa-1206af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006_31_php.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.novell.com/linux/security/advisories/2006_34_php4.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/25255af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/26466af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.php.net/release_5_1_3.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0567.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2006-0568.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/442437/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/447866/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/17843af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.turbolinux.com/security/2006/TLSA-2006-38.txtaf854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/27396af854a3a-2127-422b-91ae-364da2661108
N/A
https://issues.rpath.com/browse/RPL-683af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/320-1/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0549.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/19927
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21031
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21050
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21125
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21135
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21202
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21252
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21723
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22225
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22713
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016306
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016649
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1206
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_31_php.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_34_php4.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/25255
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/26466
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.php.net/release_5_1_3.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0567.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0568.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/442437/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447866/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17843
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-683
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/320-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0166.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&r1=1.87.4.8.2.1&r2=1.87.4.8.2.2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?hideattic=0&view=log
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2006-0549.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19927
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21050
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21125
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21135
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21202
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21252
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/21723
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22225
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22713
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1016306
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1016649
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2006-175.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2006/dsa-1206
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_31_php.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.novell.com/linux/security/advisories/2006_34_php4.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/25255
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/26466
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.php.net/release_5_1_3.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0567.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2006-0568.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/442437/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/447866/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/27396
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://issues.rpath.com/browse/RPL-683
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10118
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/320-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2007-5653
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.04% / 86.15%
||
7 Day CHG~0.00%
Published-23 Oct, 2007 | 21:00
Updated-07 Aug, 2024 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2007-2844
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.88% / 74.49%
||
7 Day CHG~0.00%
Published-24 May, 2007 | 18:00
Updated-07 Aug, 2024 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1581
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-10.93% / 93.13%
||
7 Day CHG~0.00%
Published-21 Mar, 2007 | 23:00
Updated-07 Aug, 2024 | 12:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-4483
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.33% / 79.13%
||
7 Day CHG~0.00%
Published-31 Aug, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-862
Missing Authorization
CVE-2006-4482
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.50% / 89.86%
||
7 Day CHG~0.00%
Published-31 Aug, 2006 | 21:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.The PHP Group
Product-phpdebian_linuxubuntu_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2006-0200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-11.29% / 93.26%
||
7 Day CHG~0.00%
Published-13 Jan, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2006-1017
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.49% / 89.84%
||
7 Day CHG~0.00%
Published-07 Mar, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2009-3546
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.3||HIGH
EPSS-3.46% / 87.08%
||
7 Day CHG~0.00%
Published-19 Oct, 2009 | 19:27
Updated-07 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-libgdn/aThe PHP Group
Product-gd_graphics_libraryphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Details not found