Vulnerabilities > PHP > PHP > 5.3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-26 | CVE-2010-1130 | Permissions, Privileges, and Access Controls vulnerability in PHP session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. | 5.0 |
2010-03-16 | CVE-2010-0397 | Remote Denial of Service vulnerability in PHP 5.3.1 The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument. | 5.0 |
2007-03-21 | CVE-2007-1581 | Code Injection vulnerability in PHP The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. | 9.3 |