Vulnerability Description
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
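The following is an added illustration, not code from the advisory or from the PHP, Hardened-PHP or Suhosin projects. It contrasts the one-argument parse_str() call the advisory describes, where every key in the parsed string becomes a variable in the calling scope, with the two-argument form that writes the pairs into an array the caller controls. The function names, the sample query string and the local variables are constructed for the example; the one-argument form was deprecated in PHP 7.2 and removed in PHP 8.0, so the vulnerable function only runs on older interpreters.

```php
<?php
// Added example: variable overwrite via a one-argument parse_str() call,
// beside the hardened two-argument form. Not part of the original advisory.

// Constructed sample input standing in for attacker-controlled data such as
// $_SERVER['QUERY_STRING'] or a raw request body.
$untrusted = 'page=home&is_admin=1&config[db]=evil';

function vulnerable(string $input): string
{
    $is_admin = false;            // state the application expects to control
    $config   = ['db' => 'prod'];

    // One-argument form: each key in $input is registered as a variable in
    // this scope, so $is_admin and $config above are silently replaced.
    // Deprecated in PHP 7.2, removed in PHP 8.0 (ArgumentCountError).
    parse_str($input);

    return ($is_admin ? 'admin' : 'user') . ", db={$config['db']}";
}

function hardened(string $input): string
{
    $is_admin = false;
    $config   = ['db' => 'prod'];

    // Two-argument form: parsed pairs land only in $params, never in scope.
    parse_str($input, $params);

    // Read only the keys the code expects, and validate them before use.
    $page = (isset($params['page']) && preg_match('/^[a-z]+$/', $params['page']))
        ? $params['page']
        : 'home';

    return "page={$page}, " . ($is_admin ? 'admin' : 'user') . ", db={$config['db']}";
}

echo vulnerable($untrusted), PHP_EOL;
echo hardened($untrusted), PHP_EOL;
```

Run under a PHP 5 or 7 interpreter, the vulnerable function reports the caller as an administrator with the database name taken from the query string, while the hardened function keeps both locals intact. The mitigation is the same for application code and for hardening patches: always pass the result array, then copy out only the expected keys, since the parsed array can still contain arbitrary keys and nested arrays.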
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hardened-Php Project | Hardened-Php | All versions |
| Hardened-Php Project | Suhosin | All versions |
| Php | Php | All versions |
References
- http://osvdb.org/39834
- http://securityreason.com/securityalert/2800
- http://www.acid-root.new.fr/advisories/14070612.txt
- http://www.securityfocus.com/archive/1/471178/100/0/threaded
- http://www.securityfocus.com/archive/1/471204/100/0/threaded
- http://www.securityfocus.com/archive/1/471275/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34836
FAQ
What is CVE-2007-3205?
CVE-2007-3205 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names...
How severe is CVE-2007-3205?
CVE-2007-3205 has been rated MEDIUM with a CVSS base score of 5.0/10; see the CVSS Score section above.
Is there a patch for CVE-2007-3205?
Check the references section above for vendor advisories and patch information. Affected products include: Hardened-Php Project Hardened-Php, Hardened-Php Project Suhosin, Php Php.