Main Vulnerability Database Vulnerabilities #VU110445

#VU110445 Input validation error in PHP - CVE-2007-1401

Published: October 16, 2018 / Updated: June 12, 2025

Vulnerability identifier: #VU110445

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2007-1401

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a local user to execute arbitrary code.

Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.

Remediation

Install update from vendor's website.

External links

http://retrogod.altervista.org/php_446_crack_opendict_local_bof.html
http://securityreason.com/securityalert/2405
http://www.securityfocus.com/archive/1/462226/100/0/threaded
https://www.exploit-db.com/exploits/3431

#VU110445 Input validation error in PHP - CVE-2007-1401

Description

Remediation

External links

Please verify you're human