VDB
CVE-2007-3806
CVE-2007-3806
PUBLISHED
CVSS 6.800000190734863 MEDIUM
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
EPSS 5.21% · 90.1th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
5.21%
90.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| php | php | 5.2.3 |
Timeline
- Jul 17, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- 30288 third-party-advisory
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.166&r2=1.167 url
- 36085 vdb
- ADV-2007-2547 vdb
- php-glob-security-bypass(35437) vdb
- 4181 exploit
- DSA-1572 vendor-advisory
- GLSA-200710-02 vendor-advisory
- http://www.php.net/ChangeLog-5.php#5.2.4 url
- 30158 third-party-advisory
- 26085 third-party-advisory
- DSA-1578 vendor-advisory
- 27102 third-party-advisory
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?view=log url
- http://www.php.net/releases/5_2_4.php url
- 24922 vdb
- 25498 vdb
- 26642 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2007-3806 advisory