CVE-2007-5900 | Vulnerability Database | Aqua Security

PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	*	5.2.4 (including)
Php5	Ubuntu	dapper	*
Php5	Ubuntu	feisty	*
Php5	Ubuntu	gutsy	*
Php5	Ubuntu	hardy	*
Php5	Ubuntu	upstream	*

References

http://bugs.php.net/bug.php?id=41561
http://secunia.com/advisories/27648
http://secunia.com/advisories/27659
http://secunia.com/advisories/30040
http://securitytracker.com/id?1018934
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
http://www.php.net/ChangeLog-5.php#5.2.5
http://www.php.net/releases/5_2_5.php
http://www.securityfocus.com/archive/1/491693/100/0/threaded
http://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943
http://bugs.php.net/bug.php?id=41561
http://secunia.com/advisories/27648
http://secunia.com/advisories/27659
http://secunia.com/advisories/30040
http://securitytracker.com/id?1018934
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242
http://www.php.net/ChangeLog-5.php#5.2.5
http://www.php.net/releases/5_2_5.php
http://www.securityfocus.com/archive/1/491693/100/0/threaded
http://www.securityfocus.com/archive/1/491693/100/0/threaded
https://issues.rpath.com/browse/RPL-1943

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-5900
CWE	https://cwe.mitre.org/data/definitions/264.html