PHP 'symlink()' 'open_basedir' Restriction Bypass Vulnerability Network Vulnerability

Summary

PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to read and write files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable other versions may also be affected.

References

http://securityreason.com/achievement_exploitalert/14
http://securityreason.com/achievement_securityalert/70
http://www.php.net/
http://www.securityfocus.com/bid/37032

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

AMSI 'file' Parameter Directory Traversal Vulnerability
Apache mod_proxy_ajp Information Disclosure Vulnerability
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities