PT-2007-3077 · Php · Php
Publicado
2007-03-26
·
Atualizado
2017-10-11
·
CVE-2007-1710
CVSS v2.0
4.3
Média
| Vetor | AV:L/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP versions 4.4.4, 5.1.6, 5.2.1
Description:
The issue allows context-dependent attackers to bypass safe mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax. This can be achieved by preceding a filename with a "php://../../" sequence.
Recommendations:
For PHP version 4.4.4, update to a version that fixes this issue.
For PHP version 5.1.6, update to a version that fixes this issue.
For PHP version 5.2.1, update to a version that fixes this issue.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Php