Description

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

Remediation

References

CVE-2007-4010

Related Vulnerabilities

Zenphoto Improper Privilege Management Vulnerability (CVE-2018-0610)

Apache HTTP Server Other Vulnerability (CVE-2003-0987)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-46147)

WebLogic CVE-2023-22108 Vulnerability (CVE-2023-22108)

WordPress Plugin Videos on Admin Dashboard Cross-Site Scripting (1.1.3)

Severity

Medium

Classification

CVE-2007-4010

Tags

Missing Update Known Vulnerabilities