ID de Prueba:	1.3.6.1.4.1.25623.1.0.801731
Categoría:	Web application abuses
Título:	PHP < 5.2.15 Security Bypass Vulnerability
Resumen:	PHP is prone to a security bypass vulnerability.
Descripción:	Summary: PHP is prone to a security bypass vulnerability. Vulnerability Insight: An error in 'extract()' function does not prevent the use of the 'EXTR_OVERWRITE' parameter to overwrite the GLOBALS superglobal array. Vulnerability Impact: Successful exploitation could allows remote attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input. Affected Software/OS: PHP version prior to 5.2.15. Solution: Update to version 5.2.15 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0752 HPdes Security Advisory: HPSBOV02763 http://marc.info/?l=bugtraq&m=133469208622507&w=2 HPdes Security Advisory: SSRT100826 http://www.openwall.com/lists/oss-security/2010/12/13/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12016 XForce ISS Database: php-extract-security-bypass(65432) https://exchange.xforce.ibmcloud.com/vulnerabilities/65432
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.