Summary
PHP is prone to a 'safe_mode' and an 'open_basedir' restriction-bypass vulnerability. Successful exploits could allow an attacker to access files in unauthorized locations or to create files in any writable directory, including unauthorized locations.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; the 'safe_mode' and the 'open_basedir' restrictions are assumed to isolate users from each other.
PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected.
Solution
Updates are available. Please see the references for details.
References
Severity
Classification
- CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- Apache Tomcat Directory Listing and File disclosure
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
- appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability