PT-2007-3421 · Php+2

Retrogod · Published 2007-04-18 · Updated 2017-10-11 · CVE-2007-2079

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

XAMPP versions 1.6.0a and earlier

Description

The ADONewConnection Connect function in adodb.php uses untrusted input for the database server hostname. This allows remote attackers to potentially trigger a library buffer overflow and execute arbitrary code via a long host parameter. Other, unspecified impact is also possible.

Recommendations

For XAMPP versions 1.6.0a and earlier, consider updating to a newer version that addresses this issue, although it could be argued that the proper fix belongs in other products such as PHP or the ADOdb Library. As a temporary workaround, restrict the input used for the database server hostname to prevent potential buffer overflow attacks.

Related Identifiers

CVE-2007-2079

Affected Products

Adodb Library
Php
Xampp