CVE-2008-7068

Exploit

EPSS 0.4%
Published 25.08.2009 10:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte.  NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version4.0

Php ≫ Php Version4.0 Updatebeta_4_patch1

Php ≫ Php Version4.0 Updatebeta1

Php ≫ Php Version4.0 Updatebeta2

Php ≫ Php Version4.0 Updatebeta3

Php ≫ Php Version4.0 Updatebeta4

Php ≫ Php Version4.0 Updaterc1

Php ≫ Php Version4.0 Updaterc2

Php ≫ Php Version4.0.0

Php ≫ Php Version4.0.1

Php ≫ Php Version4.0.1 Updatepatch1

Php ≫ Php Version4.0.1 Updatepatch2

Php ≫ Php Version4.0.2

Php ≫ Php Version4.0.3

Php ≫ Php Version4.0.3 Updatepatch1

Php ≫ Php Version4.0.4

Php ≫ Php Version4.0.4 Updatepatch1

Php ≫ Php Version4.0.5

Php ≫ Php Version4.0.6

Php ≫ Php Version4.0.7

Php ≫ Php Version4.0.7 Updaterc1

Php ≫ Php Version4.0.7 Updaterc2

Php ≫ Php Version4.0.7 Updaterc3

Php ≫ Php Version4.0.7 Updaterc4

Php ≫ Php Version4.1.0

Php ≫ Php Version4.1.1

Php ≫ Php Version4.1.2

Php ≫ Php Version4.2 Editiondev

Php ≫ Php Version4.2.0

Php ≫ Php Version4.2.1

Php ≫ Php Version4.2.2

Php ≫ Php Version4.2.3

Php ≫ Php Version4.3.0

Php ≫ Php Version4.3.1

Php ≫ Php Version4.3.2

Php ≫ Php Version4.3.3

Php ≫ Php Version4.3.4

Php ≫ Php Version4.3.5

Php ≫ Php Version4.3.6

Php ≫ Php Version4.3.7

Php ≫ Php Version4.3.8

Php ≫ Php Version4.3.9

Php ≫ Php Version4.3.10

Php ≫ Php Version4.3.11

Php ≫ Php Version4.4.0

Php ≫ Php Version4.4.1

Php ≫ Php Version4.4.2

Php ≫ Php Version4.4.3

Php ≫ Php Version4.4.4

Php ≫ Php Version4.4.5

Php ≫ Php Version4.4.6

Php ≫ Php Version4.4.7

Php ≫ Php Version4.4.8

Php ≫ Php Version4.4.9

Php ≫ Php Version5.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.598

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&

Vendor Advisory

http://securityreason.com/achievement_securityalert/58

Exploit

http://www.osvdb.org/52206

http://www.securityfocus.com/archive/1/498746/100/0/threaded

http://www.securityfocus.com/archive/1/498981/100/0/threaded

http://www.securityfocus.com/archive/1/498982/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/47316

https://nvd.nist.gov/vuln/detail/CVE-2008-7068

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-7068

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-7068

EUVD