The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.
References
Information
Published : 2015-03-30 03:59
Updated : 2022-11-04 19:10
NVD link : CVE-2015-1352
Mitre link : CVE-2015-1352
JSON object : View
CWE
Products Affected
apple
- mac_os_x
php
- php