PT-2010-3494 · Php · Php
Published: 2010-05-07 · Updated: 2010-05-11 · CVE-2010-1868
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP versions 5.2 through 5.2.13
PHP versions 5.3 through 5.3.2
Description
The issue allows context-dependent attackers to execute arbitrary code by calling certain functions with an empty SQL query, triggering access of uninitialized memory. This is related to the sqlite_single_query and sqlite_array_query functions in the ext/sqlite/sqlite.c file.
Recommendations
For PHP versions 5.2 through 5.2.13, update to a version outside of this range to resolve the issue.
For PHP versions 5.3 through 5.3.2, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider avoiding the use of empty SQL queries with the sqlite_single_query and sqlite_array_query functions until a patch is available.
Exploit
Fix
Code Injection
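To apply the temporary workaround above, it helps to know which call sites can receive an empty query. The following Python audit is an added example, not part of the original advisory or of PHP itself: it classifies each call to the two functions by whether the query is a non-empty literal, an empty literal, or a value known only at run time. The sample PHP is constructed, the parsing is a regex-and-scanner approximation rather than a real PHP parser, and treating a whitespace-only literal as empty is a conservative assumption.

```python
import re
# The two functions named in the advisory.
CALL_RE = re.compile(r"\b(sqlite_single_query|sqlite_array_query)\s*\(")
# Plain string literal: no escapes, no concatenation, no "$var" interpolation.
LITERAL_RE = re.compile(r"""^(?:'([^'\\]*)'|"([^"\\$]*)")$""")
# Constructed sample, not taken from any real application.
SAMPLE = """<?php
$n = sqlite_single_query($db, 'SELECT COUNT(*) FROM users', true);
$rows = sqlite_array_query($db, build_query($filter, 'name'), SQLITE_ASSOC);
$x = sqlite_single_query($db, '');
$y = sqlite_array_query("SELECT * FROM t WHERE id = $id", $db);
"""

def split_args(src, pos):
    """Split the call's argument list; pos is the index just after '('."""
    args, cur, depth, quote = [], "", 0, None
    while pos < len(src):
        ch = src[pos]
        if quote:
            if ch == "\\":  # copy the backslash, then the escaped character
                cur, pos = cur + ch, pos + 1
                ch = src[pos:pos + 1]
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in ")]" and depth == 0:  # closing paren of the call itself
            break
        elif ch == "," and depth == 0:  # top-level separator: start a new arg
            args, cur, ch = args + [cur.strip()], "", ""
        else:
            depth += (ch in "([") - (ch in ")]")
        cur, pos = cur + ch, pos + 1
    return args + [cur.strip()]

def audit(php_source):
    """Return (line, function, verdict) for each call to the two functions."""
    findings = []
    for m in CALL_RE.finditer(php_source):
        verdict = "dynamic"  # value known only at run time: needs a guard
        # The query is one of the first two arguments; order is not assumed.
        for arg in split_args(php_source, m.end())[:2]:
            lit = LITERAL_RE.match(arg)
            if lit:
                text = lit.group(1) or lit.group(2) or ""
                verdict = "literal" if text.strip() else "empty-literal"
                break
        line = php_source.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), verdict))
    return findings
```

Calls reported as "dynamic" are the ones to wrap in a non-empty check before the query reaches either function; "empty-literal" calls match the condition the advisory describes and should be removed.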
Weakness Enumeration
Related Identifiers
Affected Products
Php