CVE-2008-7002

Name of the Vulnerable Software and Affected Versions PHP version 5.2.5

Description The issue allows local users to bypass intended access restrictions, potentially enabling them to call programs outside of the intended directory. This can be achieved via certain functions, including exec, system, shell exec, passthru, or popen, possibly involving pathnames such as "C:" drive notation. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For PHP version 5.2.5, consider restricting the use of the exec, system, shell exec, passthru, and popen functions until a patch is available. As a temporary workaround, limit the execution of programs to only those within the intended directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.