CVE-2008-7068

Name of the Vulnerable Software and Affected Versions PHP versions 4.x through 5.2.6

Description The issue allows context-dependent attackers to cause a denial of service, specifically file truncation, under certain circumstances. This can happen when an attacker can modify or add database entries but lacks the necessary permissions to directly truncate the file. The attack is facilitated through a key containing the NULL byte, which is processed by the dba replace function.

Recommendations For PHP versions 4.x through 5.2.6, consider restricting access to the dba replace function to prevent potential exploitation, especially in scenarios where database entry modification is possible but file truncation permissions are restricted. At the moment, there is no information about a newer version that contains a fix for this vulnerability.