PT-2007-3077 · Php · Php
Published: 2007-03-26 · Updated: 2017-10-11 · CVE-2007-1710
CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
PHP versions 4.4.4, 5.1.6, 5.2.1
Description:
The issue allows context-dependent attackers to bypass safe mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax. This can be achieved by preceding a filename with a "php://../../" sequence.
Recommendations:
For PHP version 4.4.4, update to a version that fixes this issue.
For PHP version 5.1.6, update to a version that fixes this issue.
For PHP version 5.2.1, update to a version that fixes this issue.
Affected Products
Php