PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service (ReDoS) filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-5021
Probability of exploitation activity in the next 30 days: 0.54%
CVSS scores for CVE-2011-5021
CWE ids for CVE-2011-5021
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Assigned by: firstname.lastname@example.org (Primary)