Description

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

Remediation

References

CVE-2007-4010

Related Vulnerabilities

Drupal Core 8.9.x Cross-Site Scripting (8.9.0 - 8.9.13)

WordPress Plugin Newsletter-Send awesome emails from WordPress Cross-Site Scripting (7.8.9)

TYPO3 Cryptographic Issues Vulnerability (CVE-2012-3527)

Drupal Incorrect Authorization Vulnerability (CVE-2011-2726)

Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)

Severity

Medium

Classification

CVE-2007-4010

Tags

Missing Update Known Vulnerabilities