PT-2001-2379 · Php · Php
Published
2001-12-06
·
Updated
2012-06-25
·
CVE-2001-1247
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PHP versions 4.0.4pl1 through 4.0.5
Description
The issue allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the
error log function to access the files.Recommendations
For PHP versions 4.0.4pl1 through 4.0.5, consider disabling the
error log function in safe mode to prevent exploitation until a patch is available.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php