CVE-2008-7002
PHP 5.2.5 - Multiple functions 'safe_mode_exec_dir' / 'open_basedir' Restriction Bypass Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
PHP v.5.2.5 no respeta las restricciones de ciertas funciones(a) open_basedir y(b) safe_mode_exec_dir, que pueden permitir a usuarios locales saltarse las restricciones de acceso previstas y las llamadas a programas externas del directorio previsto a través de las funciones (1) exec, (2) system, (3) shell_exec, (4) passthru, o(5) popen , probablemente relacionados con nombres de ruta como "C:" notación unidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-08 First Exploit
- 2009-08-17 CVE Reserved
- 2009-08-18 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/32343 | 2008-09-08 | |
http://downloads.securityfocus.com/vulnerabilities/exploits/31064.php | 2024-09-16 | |
http://www.securityfocus.com/bid/31064 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|