| ID |
CVE-2007-4255
|
| Summary |
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.5 (as of 15-10-2018 - 21:34) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 25213 | | bugtraq | 20070805 PHP mSQL (msql_connect) Buffer Overflow PoC | | exploit-db | 4260 | | xf | php-msql-connect-bo(35830) |
|
| statements
via4
|
| contributor | Joshua Bressers | | lastmodified | 2007-08-09 | | organization | Red Hat | | statement | Not vulnerable. PHP packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4, and 5 are not compiled with msql library and are not vulnerable to this issue.
|
|
| Last major update |
15-10-2018 - 21:34 |
| Published |
08-08-2007 - 23:17 |
| Last modified |
15-10-2018 - 21:34 |
