5
CVSSv2

CVE-2007-1460

Published: 14/03/2007 Updated: 24/05/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The zip:// URL wrapper provided by the PECL zip extension in PHP prior to 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote malicious users to read ZIP archives located outside of the intended directories.

Vulnerable Product Search on Vulmon Subscribe to Product

php php 4.3.9

php php 3.0

php php 4.0

php php 3.0.5

php php 3.0.11

php php 4.2.0

php php 3.0.1

php php 3.0.2

php php 4.4.4

php php 4.1.0

php php 4.3.4

php php 4.0.4

php php 4.3.0

php php 4.0.5

php php 3.0.8

php php 4.3.6

php php 3.0.13

php php

php php 4.3.7

php php 4.2.2

php php 4.4.2

php php 3.0.7

php php 4.3.2

php php 4.3.11

php php 4.0.0

php php 3.0.6

php php 3.0.17

php php 4.0.7

php php 4.0.2

php php 4.3.3

php php 2.0

php php 4.1.1

php php 3.0.15

php php 3.0.16

php php 4.4.3

php php 3.0.10

php php 3.0.4

php php 4.2.3

php php 4.4.5

php php 2.0b10

php php 4.0.6

php php 5.2.0

php php 4.1.2

php php 4.3.1

php php 3.0.18

php php 4.4.0

php php 4.3.10

php php 4.2.1

php php 4.0.1

php php 1.0

php php 3.0.12

php php 4.4.1

php php 5.2.1

php php 4.0.3

php php 3.0.14

php php 3.0.9

php php 3.0.3

php php 4.3.8

php php 4.3.5