PHP Mb_Parse_Str Function Register_Globals Activation Weakness

PHP Mb_Parse_Str Function Register_Globals Activation Weakness

PHP is prone to a weakness that allows attackers to enable the 'register_globals' directive because the application fails to handle a memory-limit exception.

Enabling the PHP 'register_globals' directive may allow attackers to further exploit latent vulnerabilities in PHP scripts.

This issue is related to the weakness found in the non-multibyte 'parse_str()' from BID 15249 - PHP Parse_Str Register_Globals Activation Weakness.

This issue affects PHP 4 to 4.4.6 and 5 to 5.2.1.