[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2007-1286":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":81,"duplicate_of":9,"upstream":82,"downstream":83,"duplicates":98,"related":99,"reserved_at":9,"published_at":100,"modified_at":101,"state":102,"summary":103,"references_raw":111,"kevs":262,"epss":263,"epss_history":266,"metrics":473,"affected":478},"CVE-2007-1286","Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"NVD-CWE-OTHER","Other","NVD uses this CWE ID when the weakness does not map to any existing CWE entry.","placeholder","NVD-Reserved",[],[19,28,43,54,63],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_C7FC7C0B219B7C63","Exploit Reference (php-security.org)","reference","http://www.php-security.org/MOPB/MOPB-04-2007.html","unknown",0.2,false,[],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":36,"platforms":37,"requires_auth":9,"exploitdb":39,"metasploit":9},"3396","PHP 4.4.4 - 'Unserialize()' ZVAL Reference Counter Overflow (PoC)","exploit-database","https://www.exploit-db.com/exploits/3396","poc",0.8,true,"dos",[38],"linux",{"verified":35,"type":36,"platform":38,"file":40,"codes":41},"exploits/linux/dos/3396.php",[42,7],"OSVDB-32771",{"_key":44,"name":45,"source":31,"url":46,"maturity":47,"reliability_score":34,"verified":35,"type":48,"platforms":49,"requires_auth":9,"exploitdb":51,"metasploit":9},"16310","PHP 4 - Unserialize() ZVAL Reference Counter Overflow (Cookie) (Metasploit)","https://www.exploit-db.com/exploits/16310","weaponized","remote",[50],"multiple",{"verified":35,"type":48,"platform":50,"file":52,"codes":53},"exploits/multiple/remote/16310.rb",[7,42],{"_key":55,"name":56,"source":31,"url":57,"maturity":47,"reliability_score":34,"verified":35,"type":48,"platforms":58,"requires_auth":9,"exploitdb":60,"metasploit":9},"9939","PHP \u003C 4.5.0 - Unserialize Overflow (Metasploit)","https://www.exploit-db.com/exploits/9939",[59],"php",{"verified":35,"type":48,"platform":59,"file":61,"codes":62},"exploits/php/remote/9939.rb",[7,42],{"_key":64,"name":65,"source":66,"url":67,"maturity":33,"reliability_score":68,"verified":26,"type":48,"platforms":69,"requires_auth":26,"exploitdb":9,"metasploit":70},"MSF_EXPLOIT_MULTI_PHP_PHP_UNSERIALIZE_ZVAL_COOKIE","PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/php/php_unserialize_zval_cookie.rb",0.3333333333333333,[],{"fullname":71,"rank":72,"rank_name":73,"post_auth":26,"check":35,"notes":74},"exploit/multi/php/php_unserialize_zval_cookie",200,"average",{"Stability":75,"SideEffects":77,"Reliability":79},[76],"unknown-stability",[78],"unknown-side-effects",[80],"unknown-reliability",[],[],[84,86,88,90,92,94,96],{"_key":85},"RHSA-2007:0154",{"_key":87},"RHSA-2007:0155",{"_key":89},"RHSA-2007:0163",{"_key":91},"DSA-1282-1",{"_key":93},"DSA-1283-1",{"_key":95},"DTSA-39-1",{"_key":97},"DTSA-40-1",[],[],"2007-03-06T20:00:00.000Z","2024-08-07T12:50:34.928Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":104,"epss_score":105,"severity":106,"severity_score":107,"severity_version":108,"severity_source":109,"severity_vector":110,"severity_status":102},"critical",0.86051,"medium",6.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:P/I:P/A:P",[112,119,125,130,135,141,146,152,157,161,165,169,174,178,182,186,192,196,201,205,209,214,218,222,226,230,234,238,244,249,253,258],{"url":113,"sources":114,"tags":116},"http://www.trustix.org/errata/2007/0009/",[115,109],"cve.org",[117,118],"Vendor Advisory","X Refsource TRUSTIX",{"url":120,"sources":121,"tags":122},"http://www.vupen.com/english/advisories/2007/1991",[115,109],[123,124],"VDB Entry","X Refsource VUPEN",{"url":126,"sources":127,"tags":128},"http://www.debian.org/security/2007/dsa-1283",[115,109],[117,129],"X Refsource DEBIAN",{"url":131,"sources":132,"tags":133},"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506",[115,109],[117,134],"X Refsource HP",{"url":136,"sources":137,"tags":138},"http://secunia.com/advisories/24606",[115,109],[139,140],"Third Party Advisory","X Refsource SECUNIA",{"url":142,"sources":143,"tags":144},"http://rhn.redhat.com/errata/RHSA-2007-0154.html",[115,109],[117,145],"X Refsource REDHAT",{"url":147,"sources":148,"tags":149},"http://www.securityfocus.com/archive/1/466166/100/0/threaded",[115,109],[150,151],"Mailing List","X Refsource BUGTRAQ",{"url":153,"sources":154,"tags":155},"http://security.gentoo.org/glsa/glsa-200705-19.xml",[115,109],[117,156],"X Refsource GENTOO",{"url":158,"sources":159,"tags":160},"http://secunia.com/advisories/24941",[115,109],[139,140],{"url":162,"sources":163,"tags":164},"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137",[115,109],[117,134],{"url":166,"sources":167,"tags":168},"http://security.gentoo.org/glsa/glsa-200703-21.xml",[115,109],[117,156],{"url":170,"sources":171,"tags":172},"https://exchange.xforce.ibmcloud.com/vulnerabilities/32796",[115,109],[123,173],"X Refsource XF",{"url":175,"sources":176,"tags":177},"http://secunia.com/advisories/25062",[115,109],[139,140],{"url":179,"sources":180,"tags":181},"http://www.vupen.com/english/advisories/2007/2374",[115,109],[123,124],{"url":183,"sources":184,"tags":185},"http://secunia.com/advisories/25423",[115,109],[139,140],{"url":23,"sources":187,"tags":188},[115,109],[189,190,191,117],"X Refsource MISC","Exploit","Patch",{"url":193,"sources":194,"tags":195},"http://secunia.com/advisories/24419",[115,109],[139,140],{"url":197,"sources":198,"tags":199},"http://www.mandriva.com/security/advisories?name=MDKSA-2007:087",[115,109],[117,200],"X Refsource MANDRIVA",{"url":202,"sources":203,"tags":204},"http://secunia.com/advisories/24945",[115,109],[139,140],{"url":206,"sources":207,"tags":208},"http://www.debian.org/security/2007/dsa-1282",[115,109],[117,129],{"url":210,"sources":211,"tags":212},"https://issues.rpath.com/browse/RPL-1268",[115,109],[213],"X Refsource CONFIRM",{"url":215,"sources":216,"tags":217},"http://secunia.com/advisories/24924",[115,109],[139,140],{"url":219,"sources":220,"tags":221},"http://rhn.redhat.com/errata/RHSA-2007-0155.html",[115,109],[117,145],{"url":223,"sources":224,"tags":225},"http://secunia.com/advisories/24910",[115,109],[139,140],{"url":227,"sources":228,"tags":229},"http://secunia.com/advisories/25850",[115,109],[139,140],{"url":231,"sources":232,"tags":233},"http://secunia.com/advisories/25445",[115,109],[139,140],{"url":235,"sources":236,"tags":237},"http://rhn.redhat.com/errata/RHSA-2007-0163.html",[115,109],[117,145],{"url":239,"sources":240,"tags":241},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11575",[115,109],[123,242,243],"Signature","X Refsource OVAL",{"url":245,"sources":246,"tags":247},"http://www.securityfocus.com/bid/22765",[115,109],[123,248],"X Refsource BID",{"url":250,"sources":251,"tags":252},"http://secunia.com/advisories/25025",[115,109],[139,140],{"url":254,"sources":255,"tags":256},"http://www.osvdb.org/32771",[115,109],[123,257],"X Refsource OSVDB",{"url":259,"sources":260,"tags":261},"http://www.mandriva.com/security/advisories?name=MDKSA-2007:088",[115,109],[117,200],[],{"date":264,"score":105,"percentile":265},"2026-06-04",0.99408,[267,271,274,277,280,282,284,286,288,290,292,294,296,298,300,303,306,308,311,313,315,317,319,321,323,325,327,329,332,334,337,339,341,343,345,347,350,353,356,359,361,363,366,369,372,374,376,378,380,383,385,387,389,391,395,397,400,402,404,407,409,412,415,417,420,422,424,426,428,430,432,434,436,438,440,442,444,446,448,450,452,454,456,458,460,462,464,466,468,470],{"date":268,"score":269,"percentile":270},"2025-11-04",0.80662,0.99088,{"date":272,"score":269,"percentile":273},"2025-11-05",0.99087,{"date":275,"score":269,"percentile":276},"2025-11-06",0.99086,{"date":278,"score":269,"percentile":279},"2025-11-07",0.99085,{"date":281,"score":269,"percentile":276},"2025-11-08",{"date":283,"score":269,"percentile":276},"2025-11-09",{"date":285,"score":269,"percentile":273},"2025-11-10",{"date":287,"score":269,"percentile":276},"2025-11-11",{"date":289,"score":269,"percentile":273},"2025-11-12",{"date":291,"score":269,"percentile":273},"2025-11-13",{"date":293,"score":269,"percentile":273},"2025-11-14",{"date":295,"score":269,"percentile":276},"2025-11-15",{"date":297,"score":269,"percentile":279},"2025-11-16",{"date":299,"score":269,"percentile":276},"2025-11-17",{"date":301,"score":269,"percentile":302},"2025-11-18",0.99213,{"date":304,"score":269,"percentile":305},"2025-11-19",0.99214,{"date":307,"score":269,"percentile":305},"2025-11-20",{"date":309,"score":269,"percentile":310},"2025-11-21",0.99084,{"date":312,"score":269,"percentile":310},"2025-11-22",{"date":314,"score":269,"percentile":279},"2025-11-23",{"date":316,"score":269,"percentile":279},"2025-11-24",{"date":318,"score":269,"percentile":276},"2025-11-25",{"date":320,"score":269,"percentile":276},"2025-11-26",{"date":322,"score":269,"percentile":276},"2025-11-27",{"date":324,"score":269,"percentile":276},"2025-11-28",{"date":326,"score":269,"percentile":276},"2025-11-29",{"date":328,"score":269,"percentile":276},"2025-11-30",{"date":330,"score":269,"percentile":331},"2025-12-01",0.99097,{"date":333,"score":269,"percentile":331},"2025-12-02",{"date":335,"score":269,"percentile":336},"2025-12-03",0.99098,{"date":338,"score":269,"percentile":279},"2025-12-04",{"date":340,"score":269,"percentile":273},"2025-12-05",{"date":342,"score":269,"percentile":276},"2025-12-06",{"date":344,"score":269,"percentile":273},"2025-12-07",{"date":346,"score":269,"percentile":270},"2025-12-08",{"date":348,"score":269,"percentile":349},"2025-12-09",0.99089,{"date":351,"score":269,"percentile":352},"2025-12-10",0.9909,{"date":354,"score":269,"percentile":355},"2025-12-11",0.99091,{"date":357,"score":269,"percentile":358},"2025-12-12",0.99092,{"date":360,"score":269,"percentile":358},"2025-12-13",{"date":362,"score":269,"percentile":358},"2025-12-14",{"date":364,"score":269,"percentile":365},"2025-12-15",0.99093,{"date":367,"score":269,"percentile":368},"2025-12-16",0.99094,{"date":370,"score":269,"percentile":371},"2025-12-17",0.99095,{"date":373,"score":269,"percentile":368},"2025-12-18",{"date":375,"score":269,"percentile":368},"2025-12-19",{"date":377,"score":269,"percentile":368},"2025-12-20",{"date":379,"score":269,"percentile":368},"2025-12-21",{"date":381,"score":269,"percentile":382},"2025-12-22",0.99096,{"date":384,"score":269,"percentile":382},"2025-12-23",{"date":386,"score":269,"percentile":331},"2025-12-24",{"date":388,"score":269,"percentile":331},"2025-12-25",{"date":390,"score":269,"percentile":331},"2025-12-26",{"date":392,"score":393,"percentile":394},"2025-12-27",0.7891,0.99015,{"date":396,"score":269,"percentile":336},"2025-12-28",{"date":398,"score":269,"percentile":399},"2025-12-29",0.99099,{"date":401,"score":269,"percentile":336},"2025-12-30",{"date":403,"score":269,"percentile":399},"2025-12-31",{"date":405,"score":269,"percentile":406},"2026-01-01",0.99111,{"date":408,"score":269,"percentile":406},"2026-01-02",{"date":410,"score":269,"percentile":411},"2026-01-03",0.99112,{"date":413,"score":269,"percentile":414},"2026-01-04",0.99101,{"date":416,"score":269,"percentile":414},"2026-01-05",{"date":418,"score":269,"percentile":419},"2026-01-06",0.991,{"date":421,"score":269,"percentile":399},"2026-01-07",{"date":423,"score":269,"percentile":419},"2026-01-08",{"date":425,"score":269,"percentile":419},"2026-01-09",{"date":427,"score":269,"percentile":419},"2026-01-10",{"date":429,"score":269,"percentile":382},"2026-01-11",{"date":431,"score":269,"percentile":382},"2026-01-12",{"date":433,"score":269,"percentile":371},"2026-01-13",{"date":435,"score":269,"percentile":331},"2026-01-14",{"date":437,"score":269,"percentile":382},"2026-01-15",{"date":439,"score":269,"percentile":382},"2026-01-16",{"date":441,"score":269,"percentile":331},"2026-01-17",{"date":443,"score":269,"percentile":336},"2026-01-18",{"date":445,"score":269,"percentile":336},"2026-01-19",{"date":447,"score":269,"percentile":399},"2026-01-20",{"date":449,"score":269,"percentile":336},"2026-01-21",{"date":451,"score":269,"percentile":336},"2026-01-22",{"date":453,"score":269,"percentile":419},"2026-01-23",{"date":455,"score":269,"percentile":419},"2026-01-24",{"date":457,"score":269,"percentile":399},"2026-01-25",{"date":459,"score":269,"percentile":399},"2026-01-26",{"date":461,"score":269,"percentile":419},"2026-01-27",{"date":463,"score":269,"percentile":419},"2026-01-28",{"date":465,"score":269,"percentile":419},"2026-01-29",{"date":467,"score":269,"percentile":414},"2026-01-30",{"date":469,"score":269,"percentile":414},"2026-01-31",{"date":471,"score":269,"percentile":472},"2026-02-01",0.99113,[474],{"source":109,"cvss_v2_0":475,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":107,"baseSeverity":9,"vectorString":110,"impactScore":476,"exploitabilityScore":477},6.4,8.6,[479],{"ecosystem":9,"name":480,"vendor":9,"product":480,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"PHP",[482],{"version":483,"is_range":35,"range_type":484,"version_start":9,"version_start_type":9,"version_end":485,"version_end_type":486,"fixed_in":9},"lte4.4.4","cpe","4.4.4","including"]