CVE-2007-1460
Date: (C)2007-03-14   (M)2023-12-22


The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-22954
SECUNIA-25056
BID-25159
SECUNIA-26235
ADV-2007-2732
APPLE-SA-2007-07-31
SUSE-SA:2007:032
http://docs.info.apple.com/article.html?artnum=306172
http://us2.php.net/releases/4_4_7.php
http://us2.php.net/releases/5_2_2.php
http://www.php-security.org/MOPB/MOPB-20-2007.html

CPE    63
cpe:/a:php:php:3.0
cpe:/a:php:php:1.0
cpe:/a:php:php:4.3.10
cpe:/a:php:php:4.3.11
...
CWE    1
CWE-264

© SecPod Technologies