PHP Security Bypass Vulnerability - Aug09 Network Vulnerability

Summary

This host is running PHP and is prone to Security Bypas vulnerability.

Impact

Successful exploitation will let the local attacker execute arbitrary code and can bypass security restriction in the context of the web application. Impact Level: Application

Solution

Upgrade to PHP version 5.3.2 or later, For updates refer to http://www.php.net/

Insight

Error exists when application fails to enforce 'safe_mode_exec_dir' and 'open_basedir' restrictions for certain functions, which can be caused via the exec, system, shell_exec, passthru, or popen functions, possibly involving pathnames such as 'C:' drive notation.

Affected

PHP version 5.2.5

References

http://downloads.securityfocus.com/vulnerabilities/exploits/31064.php
http://en.securitylab.ru/nvd/383831.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-7002

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AlienVault OSSIM SQL Injection and Remote Code Execution Vulnerabilities
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
Arkeia Appliance Multiple Vulnerabilities
Admin News Tools Multiple Vulnerabilities
Artifectx xClassified 'catid' SQL Injection Vulnerability

Take action and discover your vulnerabilities