The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP up to and including 5.6.7 does not validate token extraction for table names, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x |
||
php php |