Description
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
SUSE Security Advisories:
- SUSE-SA:2007:032, published Wed, 23 May 2007 12:00:00 +0000
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 02:48:50 2013
CVE page last modified: Fri Oct 7 12:45:36 2022