Description

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

Remediation

References

CVE-2007-4010

Related Vulnerabilities

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.22)

Envoy Wrong DOWNSTREAM_REMOTE_ADDRESS logged Issue (CVE-2020-35470)

e107 Other Vulnerability (CVE-2003-1191)

WordPress Plugin Media Library Assistant SQL Injection (2.84)

WordPress Plugin MM Forms Community 'doajaxfileupload.php' Arbitrary File Upload (2.2.6)

Severity

Medium

Classification

CVE-2007-4010

Tags

Missing Update Known Vulnerabilities