[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3054Date: (C)2005-09-26   (M)2023-12-22


fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-14957
SECUNIA-17229
SECUNIA-17371
SECUNIA-17510
SECUNIA-17557
ADV-2005-1862
ADV-2005-2254
GLSA-200511-08
MDKSA-2005:213
TSLSA-2005-0059
USN-207-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
http://www.php.net/release_4_4_1.php

CPE    1
cpe:/a:php:php:4.4.0

© SecPod Technologies