Published: 21/03/2007 Updated: 30/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The resource system in PHP 4.0.0 up to and including 4.4.6 and 5.0.0 up to and including 5.2.1 allows context-dependent malicious users to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php php 4.0.1
php php 4.0.2
php php 4.0.7
php php 4.0
php php 4.2.3
php php 4.2
php php 4.3.4
php php 4.3.5
php php 4.4.2
php php 4.4.3
php php 5.0.0
php php 5.0.5
php php 5.0
php php 5.1.3
php php 5.1.4
php php 5.1.5
php php 4.0.0
php php 4.0.4
php php 4.1.2
php php 4.2.0
php php 4.3.10
php php 4.3.11
php php 4.3.8
php php 4.3.9
php php 5.0.1
php php 5.0.2
php php 5.1.0
php php 5.2.1
php php 4.0.3
php php 4.1.0
php php 4.1.1
php php 4.3.0
php php 4.3.1
php php 4.3.6
php php 4.3.7
php php 4.4.4
php php 4.4.5
php php 4.4.6
php php 5.1.6
php php 5.2.0
php php 4.0.5
php php 4.0.6
php php 4.2.1
php php 4.2.2
php php 4.3.2
php php 4.3.3
php php 4.4.0
php php 4.4.1
php php 5.0.3
php php 5.0.4
php php 5.1.1
php php 5.1.2

<?php //////////////////////////////////////////////////////////////////////// // _ _ _ _ ___ _ _ ___ // // | || | __ _ _ _ __| | ___ _ _ ___ __| | ___ | _ \| || || _ \ // // | __ |/ _` || '_|/ _` |/ -_)| ' \ / -_)/ _` ||___|| _/| __ || _/ // // |_||_|\__,_||_| \__,_|\___||_||_|\_ ...

NVD-CWE-Other http://www.php-security.org/MOPB/MOPB-27-2007.html http://www.securityfocus.com/bid/23046 http://secunia.com/advisories/24542 https://www.exploit-db.com/exploits/3525 https://nvd.nist.gov https://www.exploit-db.com/exploits/3525/

CVE-2007-1582

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect