CVE-2007-5900
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
PHP anterior a 5.2.5 permite a usuarios locales evitar mecanismos de protección configurados a través de php_admin_value o php_admin_flag en httpd.conf con la utilización de ini_set para modificar variables de configuración de su elección, un asunto diferente que CVE-2006-4625.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-11-08 CVE Reserved
- 2007-11-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://bugs.php.net/bug.php?id=41561 | X_refsource_confirm | |
| http://secunia.com/advisories/27659 | Third Party Advisory | |
| http://secunia.com/advisories/30040 | Third Party Advisory | |
| http://securitytracker.com/id?1018934 | Vdb Entry | |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0242 | X_refsource_confirm | |
| http://www.php.net/ChangeLog-5.php#5.2.5 | X_refsource_confirm | |
| http://www.php.net/releases/5_2_5.php | X_refsource_confirm | |
| https://issues.rpath.com/browse/RPL-1943 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/27648 | 2018-10-15 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/491693/100/0/threaded | 2018-10-15 |