Main Vulnerability Database Exploits ID:11608 - Exploit for Allocation of Resources Without Limits or Throttling in PHP - CVE-2009-4017

ID:11608 - Exploit for Allocation of Resources Without Limits or Throttling in PHP - CVE-2009-4017

Published: June 13, 2025

Vulnerability identifier: #VU110318

Vulnerability risk: Medium

CVE-ID: CVE-2009-4017

CWE-ID: CWE-770

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/10242/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.

Remediation

Install update from vendor's website.

ID:11608 - Exploit for Allocation of Resources Without Limits or Throttling in PHP - CVE-2009-4017

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human