PT-2007-2764 · Zend · Zend Platform

Published: 2007-03-09 · Updated: 2017-07-29 · CVE-2007-1369

CVSS v2.0: 4.4 (Medium)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Zend Platform versions 2.2.3 and earlier

Description

The issue allows local users to modify the system php.ini file. This is achieved by editing a copy of the php.ini file using the -f parameter and then performing a symlink attack. The attack involves creating a directory with an attacker-controlled php.ini file and linking this directory to /usr/local/Zend/etc.

Recommendations

For Zend Platform versions 2.2.3 and earlier, consider restricting access to the ini modifier function to prevent unauthorized modifications to the system php.ini file. As a temporary workaround, restrict write access to the /usr/local/Zend/etc directory to minimize the risk of exploitation.
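
The check below is an added example, not part of the original advisory or of Zend's tooling: it audits the temporary workaround by walking every component of /usr/local/Zend/etc and reporting symlinks, non-root owners and group- or world-writable directories. The function name and the `trusted_uids` and `root` parameters are assumptions of this example.

```python
import os
import stat
from pathlib import Path

ZEND_ETC = "/usr/local/Zend/etc"  # directory named in the advisory


def audit_config_dir(path=ZEND_ETC, trusted_uids=(0,), root="/"):
    """Return a list of (component, problem) findings for `path`.

    Every component below `root` is inspected with lstat(), so a symlink is
    reported instead of being followed. `trusted_uids` and `root` are
    parameters of this example, not Zend Platform settings.
    """
    findings = []
    current = Path(root)
    for part in Path(path).relative_to(root).parts:
        current = current / part
        try:
            st = os.lstat(current)
        except FileNotFoundError:
            findings.append((str(current), "missing"))
            break
        if stat.S_ISLNK(st.st_mode):
            findings.append((str(current), "symlink"))
            break  # anything beyond the link lies outside the audited tree
        if st.st_uid not in trusted_uids:
            findings.append((str(current), "untrusted owner"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((str(current), "group/world writable"))
    return findings


if __name__ == "__main__":
    # Audit the real path with root as the only trusted owner.
    for component, problem in audit_config_dir():
        print(f"{component}: {problem}")
```

An empty result means no component of the path is a symlink, owned by an untrusted account, or writable by group or others.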


Related identifiers

CVE-2007-1369

Affected products

Zend Platform