PT-2002-2750 · Php+1 · Php+1

Published

2002-12-31

Updated

2008-09-05

CVE-2002-2029

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP (affected versions not specified)

Description The issue allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string, specifically when PHP is installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-2029

Affected Products

Apache

Php

PT-2002-2750 · Php+1 · Php+1

CVE-2002-2029

Related Identifiers

Affected Products

References · 6