cve/CVE-2015-1352.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

935 B

Raw Permalink Blame History

CVE-2015-1352

Description

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name.

POC

Reference

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Github

https://github.com/ARPSyndicate/cve-scores
https://github.com/Live-Hack-CVE/CVE-2015-1352

935 B Raw Permalink Blame History

CVE-2015-1352

Description

POC

Reference

Github

935 B

Raw Permalink Blame History