FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- arbitrary remote code execution vulnerability

Affected packages
5.3.9 <= php5 < 5.3.10


VuXML ID: 3fd040be-4f0b-11e1-9e32-0025900931f8
Discovery: 2012-02-02
Entry: 2012-02-04
Modified: 2012-02-06

Secunia reports:

A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a logic error within the "php_register_variable_ex()" function (php_variables.c) when hashing form posts and updating a hash table, which can be exploited to execute arbitrary code.


CVE Name: CVE-2012-0830