ID:11495 - Exploit for Input validation error in PHP - CVE-2009-2626

 

Published: June 9, 2025


Vulnerability identifier: #VU110316
Vulnerability risk: Medium
CVE-ID: CVE-2009-2626
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software: PHP

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read memory contents or crash the application.

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.


Remediation

Install the update from the vendor's website.