Main Vulnerability Database Exploits ID:11531 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in PHP - CVE-2004-0594

ID:11531 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in PHP - CVE-2004-0594

Published: June 10, 2025

Vulnerability identifier: #VU110522

Vulnerability risk: Medium

CVE-ID: CVE-2004-0594

CWE-ID: CWE-367

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/660/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Remediation

Install update from vendor's website.

ID:11531 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in PHP - CVE-2004-0594

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human