CVE-2007-3205 Information


Description

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
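The pattern described above next to a safer call, as an added example that is not part of the CVE entry or of PHP's own code. The names `legacy_pattern`, `hardened_pattern`, the `$is_admin` variable and the sample query string are constructed for illustration. The one-argument call is deprecated as of PHP 7.2 and rejected by PHP 8.0 and later, so it sits behind a version check.

```php
<?php
// Added example; all function and variable names are hypothetical.
// Constructed input: a query string that names a variable the script already uses.
$untrusted = 'page=2&is_admin=1';

// Pattern from the description: parse_str() with no second parameter.
function legacy_pattern(string $query): bool
{
    $is_admin = false; // security-relevant local state

    // With one argument, every key in $query becomes a variable in the
    // current scope, so "is_admin=1" replaces the value set above.
    // PHP 8.0+ throws ArgumentCountError for this call, hence the guard.
    if (PHP_MAJOR_VERSION < 8) {
        @parse_str($query);
    }
    return (bool) $is_admin;
}

// Safer form: parse into an array, then keep only the expected keys.
function hardened_pattern(string $query, array $allowed): array
{
    $is_admin = false;

    $params = [];
    parse_str($query, $params); // values land in $params, not in scope

    // Allowlist: anything the caller did not ask for is dropped.
    $clean = array_intersect_key($params, array_flip($allowed));

    return ['is_admin' => $is_admin, 'params' => $clean];
}

if (PHP_MAJOR_VERSION < 8) {
    // On affected interpreters this reports whether the local was overwritten.
    var_dump(legacy_pattern($untrusted));
}
var_dump(hardened_pattern($untrusted, ['page']));
```

When auditing a code base for this issue, the calls to look for are `parse_str` invocations with a single argument whose input is derived from request data.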

Reference

http://osvdb.org/39834
http://securityreason.com/securityalert/2800
http://www.acid-root.new.fr/advisories/14070612.txt
http://www.securityfocus.com/archive/1/471178/100/0/threaded
http://www.securityfocus.com/archive/1/471204/100/0/threaded
http://www.securityfocus.com/archive/1/471275/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34836