CVE-2011-0752

The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
≤ 5.2.14
phpphp
1.0
phpphp
2.0
phpphp
2.0b10:b10
phpphp
3.0
phpphp
3.0.1
phpphp
3.0.2
phpphp
3.0.3
phpphp
3.0.4
phpphp
3.0.5
phpphp
3.0.6
phpphp
3.0.7
phpphp
3.0.8
phpphp
3.0.9
phpphp
3.0.10
phpphp
3.0.11
phpphp
3.0.12
phpphp
3.0.13
phpphp
3.0.14
phpphp
3.0.15
phpphp
3.0.16
phpphp
3.0.17
phpphp
3.0.18
phpphp
4.0:beta_4_patch1
phpphp
4.0:beta1
phpphp
4.0:beta2
phpphp
4.0:beta3
phpphp
4.0:beta4
phpphp
4.0.0
phpphp
4.0.1
phpphp
4.0.2
phpphp
4.0.3
phpphp
4.0.4
phpphp
4.0.5
phpphp
4.0.6
phpphp
4.0.7
phpphp
4.1.0
phpphp
4.1.1
phpphp
4.1.2
phpphp
4.2.0
phpphp
4.2.1
phpphp
4.2.2
phpphp
4.2.3
phpphp
4.3.0
phpphp
4.3.1
phpphp
4.3.2
phpphp
4.3.3
phpphp
4.3.4
phpphp
4.3.5
phpphp
4.3.6
phpphp
4.3.7
phpphp
4.3.8
phpphp
4.3.9
phpphp
4.3.10
phpphp
4.3.11
phpphp
4.4.0
phpphp
4.4.1
phpphp
4.4.2
phpphp
4.4.3
phpphp
4.4.4
phpphp
4.4.5
phpphp
4.4.6
phpphp
4.4.7
phpphp
4.4.8
phpphp
4.4.9
phpphp
5.0.0
phpphp
5.0.0:beta1
phpphp
5.0.0:beta2
phpphp
5.0.0:beta3
phpphp
5.0.0:beta4
phpphp
5.0.0:rc1
phpphp
5.0.0:rc2
phpphp
5.0.0:rc3
phpphp
5.0.1
phpphp
5.0.2
phpphp
5.0.3
phpphp
5.0.4
phpphp
5.0.5
phpphp
5.1.0
phpphp
5.1.1
phpphp
5.1.2
phpphp
5.1.3
phpphp
5.1.4
phpphp
5.1.5
phpphp
5.1.6
phpphp
5.2.0
phpphp
5.2.1
phpphp
5.2.2
phpphp
5.2.3
phpphp
5.2.4
phpphp
5.2.5
phpphp
5.2.6
phpphp
5.2.7
phpphp
5.2.8
phpphp
5.2.9
phpphp
5.2.10
phpphp
5.2.11
phpphp
5.2.12
phpphp
5.2.13
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
105
103
105
103
105
103
105
103
105
103
Common Weakness Enumeration
References
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://www.openwall.com/lists/oss-security/2010/12/13/4
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/65432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://www.openwall.com/lists/oss-security/2010/12/13/4
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2010.php#id2010-12-10-1
http://www.php.net/releases/5_2_15.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/65432
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016