Your submission was sent successfully! Close

CVE-2007-5900

Published: 20 November 2007

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Notes

AuthorNote
jdstrand
requires malicious script
Priority

Low