PT-2007-6460 · Php · Php
Published
2007-10-12
·
Updated
2018-10-15
·
CVE-2007-5424
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP versions 4 and 5
Description:
The issue allows attackers to bypass intended restrictions by using an alias. For example, when
ini set is disabled, attackers can still use ini alter to achieve their goals.Recommendations:
For PHP versions 4 and 5, consider disabling the use of
ini alter until a more comprehensive solution is available. Restrict access to sensitive functions to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Php