Published: 09/03/2007 Updated: 29/07/2017

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

VMScore: 445

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and previous versions allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zend zend platform

source: wwwsecurityfocuscom/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file ('phpini') This issue occurs because the application is installed with an 'ini_modifier' program that may be executed by local users and will bypass the authentication that is required by the a ...

NVD-CWE-Other http://www.php-security.org/MOPB/BONUS-07-2007.html http://www.zend.com/products/zend_platform/security_vulnerabilities http://www.securityfocus.com/bid/22802 http://www.osvdb.org/32773 http://secunia.com/advisories/24501 http://osvdb.org/33930 http://www.vupen.com/english/advisories/2007/0829 https://exchange.xforce.ibmcloud.com/vulnerabilities/32820 https://nvd.nist.gov https://www.exploit-db.com/exploits/29712/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1369

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect