CVE-2008-0599 (retired)

Priority
Description
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6
does not properly consider operator precedence when calculating the length
of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary
code via a crafted URI.
Notes
 jdstrand> dapper and feisty have different code that is not affected
Assigned-to
jdstrand
More Information

Updated: 2019-03-26 11:43:02 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)