CVE-2007-3378

Name of the Vulnerable Software and Affected Versions PHP versions prior to 4.4.8 PHP 5 versions prior to 5.2.4

Description The issue allows remote attackers to bypass safe mode and open basedir restrictions and possibly execute arbitrary commands when certain functions are invoked from a .htaccess file. This can be achieved through the use of php value and php flag directives in .htaccess. The session save path, ini set, and error log functions are affected.

Recommendations For PHP versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue. For PHP 5 versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to .htaccess files to prevent exploitation. Avoid using the php value and php flag directives in .htaccess files until the issue is resolved.