CVE-2007-0448

Published: 24/05/2007 Updated: 11/09/2008
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent malicious users to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

Vulnerable Product

php php 5.2.0

Exploits

source: www.securityfocus.com/bid/22261/info

PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and exec ...