Description

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

Remediation

References

CVE-2007-4010

Related Vulnerabilities

WordPress Plugin Instant Images-One Click Unsplash Uploads Cross-Site Scripting (4.4.0)

PHP Numeric Errors Vulnerability (CVE-2011-4566)

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

Django Use of Hard-coded Credentials Vulnerability (CVE-2016-9013)

Severity

Medium

Classification

CVE-2007-4010

Tags

Missing Update Known Vulnerabilities