vendor: PHP
by: Stefan Esser
CVSS: 5.5 MEDIUM
register_globals directive activation
CWE: 74
Product Name: PHP
Affected Version From: PHP 4
Affected Version To: PHP 4.4.6 and PHP 5 to 5.2.1
Patch Exists: NO
Related CWE: None mentioned
CPE: a:php:php
Platforms Tested: None mentioned
2007
PHP register_globals Directive Activation Weakness
This weakness allows attackers to enable the 'register_globals' directive in PHP by exploiting a memory-limit exception. Enabling 'register_globals' may allow further exploitation of latent vulnerabilities in PHP scripts. This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249.
Mitigation:
Disable the 'register_globals' directive in PHP configuration. Upgrade to a version of PHP that doesn't have this vulnerability.