|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
An overflow exists in the 'mysql_connect' function of PHP. The function fails to validate the 'pipe' parameter, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): ensure that the mysql_connect() is only called with sanitised and trusted parameters.
|
|
Products |
|
PHP
 |
4.4.0 |
4.3.10 |
|
|
|
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|