PT-2003-1922 · Php · Php
Michal Krause · Published 2003-10-15 · Updated 2018-10-30 · CVE-2003-0863
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP versions 4.3.x
Description
The issue arises from the php_check_safe_mode_include_dir function in fopen_wrappers.c, which returns a success value when the safe_mode_include_dir variable is not specified in the configuration. This behavior differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
Recommendations
For PHP version 4.3.x, consider specifying the safe_mode_include_dir variable in the configuration to prevent potential exploitation of file include vulnerabilities.
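A configuration check for the recommendation above, as an added example that is not part of the original advisory or of PHP itself: it parses php.ini text and flags a configuration where safe_mode_include_dir is missing or empty. The function names and the sample configurations are constructed for illustration.

```python
import re

# One php.ini directive: name = "quoted" | 'quoted' | bare value up to a ';' comment.
DIRECTIVE = re.compile(
    r'''^\s*([A-Za-z_][\w.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^;]*))''')
TRUE_VALUES = {"1", "on", "true", "yes"}   # spellings php.ini accepts for "enabled"


def parse_ini(text):
    """Return effective directives from php.ini text; the last assignment wins."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # whole-line comment
            continue
        m = DIRECTIVE.match(line)
        if m:
            value = next((g for g in m.groups()[1:] if g is not None), "")
            directives[m.group(1)] = value.strip()
    return directives


def audit_safe_mode_include_dir(text):
    """Flag a configuration that leaves safe_mode_include_dir unset or empty."""
    d = parse_ini(text)
    include_dir = d.get("safe_mode_include_dir", "")
    return {
        "safe_mode": d.get("safe_mode", "").lower() in TRUE_VALUES,  # context only
        "safe_mode_include_dir": include_dir or None,
        "flagged": include_dir == "",
    }


# Constructed sample configurations (not taken from any real host).
UNSET = """[PHP]
safe_mode = On
;safe_mode_include_dir = /usr/share/php
safe_mode_include_dir =
"""
SET = """[PHP]
safe_mode = On
safe_mode_include_dir = "/usr/share/php"   ; quoted value with trailing comment
"""

if __name__ == "__main__":
    for name, ini in (("UNSET", UNSET), ("SET", SET)):
        print(name, audit_safe_mode_include_dir(ini))
```

A commented-out directive and an empty assignment are both treated as unset, which are the two forms a default php.ini is most likely to contain.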
Affected Products
Php