CVE-2007-5900

Severity CVSS v4.0:
Pending analysis
Type:
CWE-264 Permissions, Privileges, and Access Control
Publication date:
20/11/2007
Last modified:
09/04/2025

Description

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 5.2.4 (including)