CVE-2005-3389

Name of the Vulnerable Software and Affected Versions PHP versions 4.x up to 4.4.0 PHP versions 5.x up to 5.0.5

Description The issue allows remote attackers to enable the register globals directive in PHP applications under certain conditions. This can be achieved by providing inputs that cause a request to be terminated due to the memory limit setting, resulting in PHP setting an internal flag that enables register globals. This enables attackers to exploit vulnerabilities in PHP applications that would otherwise be protected by the disabled register globals directive.

Recommendations For PHP versions 4.x up to 4.4.0, update to a version higher than 4.4.0 to resolve the issue. For PHP versions 5.x up to 5.0.5, update to a version higher than 5.0.5 to resolve the issue. As a temporary workaround, consider disabling the parse str function until a patch is available.