PT-2004-3582 · Php · Php-Exec-Dir

C. Mccohy · Published 2004-12-31 · Updated 2017-07-29 · CVE-2004-2692

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

php-exec-dir versions 4.3.2 through 4.3.7

Description

The issue allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator. This is possible because the backtick operator is not handled using the php_escape_shell_cmd function. The estimated number of potentially affected devices worldwide is not available.

Recommendations

For php-exec-dir versions 4.3.2 through 4.3.7, consider enabling safe mode to mitigate the risk of exploitation. As a temporary workaround, restrict the use of the backtick operator until a patch is available.


Related Identifiers

CVE-2004-2692

Affected Products

Php-Exec-Dir