header-logo
Suggest Exploit
vendor:
PHP
by:
7.5
CVSS
HIGH
Denial-of-Service
20
CWE
Product Name: PHP
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE:
CPE: php
Metasploit:
Other Scripts:
Platforms Tested:

Denial-of-Service Vulnerability in PHP

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker with permissions to execute PHP code on an affected computer may exploit this issue to crash PHP and kill all remaining webserver threads. This will result in denial-of-service conditions. Although this issue is local in nature, a remote attacker may exploit it by using other latent vulnerabilities such as a remote file-include issues; other remote attack vectors are also possible.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/22766/info

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker with permissions to execute PHP code on an affected computer may exploit this issue to crash PHP and kill all remaining webserver threads. This will result in denial-of-service conditions.

Although this issue is local in nature, a remote attacker may exploit it by using other latent vulnerabilities such as a remote file-include issues; other remote attack vectors are also possible.

This issue affects all versions of PHP. 

$ curl http://www.example.com/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",20000);'`=1

Navigation

Suggest Exploit

Services By CQR