CVE-2007-1583

Priority
Untriaged
Description
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 sets the internal register_globals flag and does not disable it in
certain cases when a script terminates, which allows remote attackers to
invoke available PHP scripts with register_globals functionality that is
not detectable by these scripts, as demonstrated by forcing a memory_limit
violation.
References
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2018-06-26 04:26:06 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)