Main Vulnerability Database Vulnerabilities #VU110387

#VU110387 Input validation error in PHP - CVE-2007-3806

Published: September 29, 2017 / Updated: June 13, 2025

Vulnerability identifier: #VU110387

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2007-3806

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.

Remediation

Install update from vendor's website.

External links

http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log
http://osvdb.org/36085
http://secunia.com/advisories/26085
http://secunia.com/advisories/26642
http://secunia.com/advisories/27102
http://secunia.com/advisories/30158
http://secunia.com/advisories/30288
http://www.debian.org/security/2008/dsa-1572
http://www.debian.org/security/2008/dsa-1578
http://www.exploit-db.com/exploits/4181
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
http://www.php.net/ChangeLog-5.php#5.2.4
http://www.php.net/releases/5_2_4.php
http://www.securityfocus.com/bid/24922
http://www.securityfocus.com/bid/25498
http://www.vupen.com/english/advisories/2007/2547
https://exchange.xforce.ibmcloud.com/vulnerabilities/35437

#VU110387 Input validation error in PHP - CVE-2007-3806

Description

Remediation

External links

Please verify you're human