CVE-2005-3389

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 01 Nov 2005, 02:00
Last modified:07 Aug 2024, 23:10

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
9.56% LOW
10% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Nov 2005, 02:00
Published
Vulnerability first disclosed
07 Aug 2024, 23:10
Last Modified
Vulnerability information updated

Description

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

CVSS Metrics

  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 9.56% Percentile: 93%

Affected Systems

  • UnknownPHP

    4.0.0 | 4.0.1 | 4.0.1:patch1 | 4.0.1:patch2 | 4.0.2 | 4.0.3 | 4.0.3:patch1 | 4.0.4 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.7:rc1 | 4.0.7:rc2 | 4.0.7:rc3 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5

References (33)