CVE-2007-1399
PUBLISHED
CVSS 10 CRITICAL
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
EPSS 39.02% · 97.2th percentile
Risk Scores
- CVSS v2.0: 10
- EPSS Score: 39.02% (97.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| php | php | 5.2.0, 5.2.1 |
| pierrejoye | php_zip | 0 |
Timeline
- Mar 10, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- May 19, 2022 EPSS Score
- Jul 10, 2022 EPSS Score
- Oct 23, 2022 EPSS Score
- Dec 14, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 28, 2023 EPSS Score
- Jul 10, 2023 EPSS Score
- Aug 31, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Dec 13, 2023 EPSS Score
References
- http://www.php-security.org/MOPB/MOPB-16-2007.html url
- 24514 third-party-advisory
- 32782 vdb
- 22883 vdb
- SUSE-SA:2007:020 vendor-advisory
- DSA-1330 vendor-advisory
- ADV-2007-0898 vdb
- 24471 third-party-advisory
- pecl-url-wrapper-bo(32889) vdb
- 25938 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-1399 advisory