PT-2005-3887 · Php · Php

Martin Pitt

Published

2005-09-26

Updated

2018-10-03

CVE-2005-3054

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP versions 4.4.0

Description The issue arises from improper restriction of access to other directories when the open basedir directive includes a trailing slash. This allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Recommendations For PHP version 4.4.0, consider removing the trailing slash from the open basedir directive to prevent unauthorized access to other directories.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-3054

Affected Products

Php

PT-2005-3887 · Php · Php

CVE-2005-3054

Related Identifiers

Affected Products

References · 19