Description
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
Remediation
References