The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2005-11-01 04:47
Updated : 2018-10-30 09:25
NVD link : CVE-2005-3389
Mitre link : CVE-2005-3389
JSON object : View
CWE
Products Affected
php
- php