CVE-2008-5625

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.2.7

Description The issue allows context-dependent attackers to write to arbitrary files. This is possible because PHP does not enforce the error log safe mode restrictions when safe mode is enabled through a php admin flag setting in httpd.conf. An attacker can exploit this by placing a "php value error log" entry in a .htaccess file.

Recommendations For PHP versions prior to 5.2.7, update to version 5.2.7 or later to resolve the issue. As a temporary workaround, consider disabling the use of .htaccess files to minimize the risk of exploitation. Restrict access to the error log setting in php admin flag to prevent unauthorized modifications.