PT-2007-4485 · Suhosin+2
Darkfig · Published 2007-06-13 · Updated 2018-10-16 · CVE-2007-3205
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
PHP (affected versions not specified)
Hardened-PHP (affected versions not specified)
Suhosin (affected versions not specified)
Description:
The issue concerns the parse_str function. When it is called without a second parameter, it writes every variable named in the parsed string into the current scope, which may allow remote attackers to overwrite arbitrary variables by supplying their own variable names and values in the string. This could be regarded either as a design limitation of the function or as a bug in the affected software.
Recommendations:
For PHP, always pass a second parameter to parse_str so that the parsed variables are stored in an array instead of the current scope, preventing variable overwriting.
For Hardened-PHP, consider modifying the parse_str function so that it handles the case where it is called without a second parameter.
For Suhosin, consider restricting the use of the parse_str function until a more robust solution is implemented.
As a temporary workaround, consider disabling the use of the parse_str function without a second parameter until a patch is available.
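The following is an added example, not code from the advisory or from the PHP, Hardened-PHP or Suhosin projects. It contrasts the risky one-argument call to parse_str with the recommended two-argument form, using a constructed query string in place of $_SERVER['QUERY_STRING']; the function names vulnerable() and hardened() and the allow-list are assumptions for illustration. Note that PHP 7.2 deprecated the one-argument call and PHP 8.0 made the second parameter mandatory, so the vulnerable half only runs on older interpreters.

```php
<?php
// Added example (not from the advisory): parse_str() without and with
// its second parameter, on a constructed query string.

// Constructed input standing in for $_SERVER['QUERY_STRING'].
$query = 'user=alice&is_admin=1';

// Risky pattern: without the second argument, parse_str() writes every
// key from the query string into the current scope, so a caller-supplied
// "is_admin" silently replaces the value the script set.
// (Deprecated in PHP 7.2, an error in PHP 8.0.)
function vulnerable(string $query): bool
{
    $is_admin = false;          // set by the application
    parse_str($query);          // $is_admin is now '1' from the input
    return $is_admin === '1';
}

// Recommended pattern: the second argument confines the parsed keys to an
// array; the application then copies only the fields it expects.
function hardened(string $query): array
{
    $is_admin = false;
    parse_str($query, $params); // nothing in the local scope is touched
    $allowed = ['user'];        // explicit allow-list of input fields
    $clean = array_intersect_key($params, array_flip($allowed));
    return ['is_admin' => $is_admin, 'input' => $clean];
}

var_dump(vulnerable($query)); // bool(true): the flag came from the input
var_dump(hardened($query));   // is_admin stays false; only "user" is kept
```

The allow-list step is what keeps the hardened form from reintroducing the problem through a later extract($params) or a loop that copies every key into variables.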
Affected Products
Hardened-PHP
PHP
Suhosin