Summary
This host is running PHP and is prone to Security Bypas vulnerability.
Impact
Successful exploitation will let the local attacker execute arbitrary code and can bypass security restriction in the context of the web application.
Impact Level: Application
Solution
Upgrade to PHP version 5.3.2 or later,
For updates refer to http://www.php.net/
Insight
Error exists when application fails to enforce 'safe_mode_exec_dir' and 'open_basedir' restrictions for certain functions, which can be caused via the exec, system, shell_exec, passthru, or popen functions, possibly involving pathnames such as 'C:' drive notation.
Affected
PHP version 5.2.5
References
Severity
Classification
-
CVE CVE-2008-7002 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple Safari RSS Feed Information Disclosure Vulnerability
- AlienVault Open Source SIEM (OSSIM) 'timestamp' Parameter Directory Traversal Vulnerability
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities