QwikSec

Security Database

CVE

CWE

Training

CVE-2008-7068

Published: Aug 25, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20081206 Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file

mailing-list

x_refsource_BUGTRAQ

php-dbareplace-file-corruption(47316)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

20081127 PHP 5.2.6 dba_replace() destroying file

third-party-advisory

x_refsource_SREASONRES

20081127 SecurityReason : PHP 5.2.6 dba_replace() destroying file

mailing-list

x_refsource_BUGTRAQ

http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1313&r2=1.2027.2.547.2.1314&

x_refsource_CONFIRM

20081206 Re: SecurityReason : PHP 5.2.6 dba_replace() destroying file

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.