Description
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
Remediation
References