PHP5.Register.Variable.Ex.Function.Code.Execution
Description
This indicates a possible attack against a Code Execution vulnerability in PHP.
The vulnerability is due to improper handling of an error condition
in function php_register_variable_ex when the number of variables exceeds max_input_vars. A remote attacker can exploit this by sending a malicious request. A successful attack may result in arbitrary code execution in the context of the HTTP service.
Affected Products
PHP Group PHP 5.3.9
PHP Group PHP 5.3.8 and prior with fix for CVE-2011-4885
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply updates or fixes, available from the website:
http://www.php.net/archive/2012.php#id2012-02-02-1
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-10-19 | 18.181 | Sig Added |