
CVE-2006-4625
Date: (C)2006-09-12   (M)2023-12-22


PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
  
Reference:
SREASON-1519
BID-19933
http://securityreason.com/achievement_securityalert/42
http://www.securityfocus.com/archive/1/archive/1/445712/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/445882/100/0/threaded
SECUNIA-22282
SECUNIA-22331
SECUNIA-22338
SECUNIA-22424
SECUNIA-25423
SECUNIA-25850
ADV-2007-1991
ADV-2007-2374
HPSBMA02215
HPSBTU02232
MDKSA-2006:185
OpenPKG-SA-2006.023
SSRT071423
SSRT071429
SUSE-SA:2006:059
TLSA-2006-38
USN-362-1
php-inirestore-security-bypass(28853)

CPE    44
cpe:/a:php:php:5.1
cpe:/a:php:php:5.1.4
cpe:/a:php:php:5.1.5
cpe:/a:php:php:5.1.6
...

© SecPod Technologies