| The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2012-0830
PHP: code execution via max_input_vars
Synthesis of the vulnerability
| An attacker can use an url with several parameters of type array, in order to corrupt the PHP memory, which leads to a denial of service or to code execution. |
Severity: 4/4.
Creation date: 03/02/2012.
|
Impacted products
Description of the vulnerability
| In order to correct the VIGILANCE-VUL-11379 (hash collision) vulnerability, a ne... |
Share this bulletin
Complete Vigil@nce bulletin
Characteristics
Title: PHP: code execution via max_input_vars.
Keywords: 1000 PHP code execution max_input_vars php_register_variable_ex php_variables.
Identifiers: BID-51830, CERTA-2012-AVI-055, CVE-2012-0830, DSA 2403-1, DSA 2403-2, FEDORA-2012-1262, FEDORA-2012-1301, MDVSA-2012:065, MDVSA-2012:071, openSUSE-SU-2012:0426-1, RHSA-2012:0092-01, RHSA-2012:0093-01, SSA:2012-041-02, SUSE-SU-2012:0411-1, SUSE-SU-2012:0496-1, VIGILANCE-VUL-11341.
|
Computer vulnerabilities tracking service
Vigil@nce provides computer vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.
|
