The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote malicious users to execute arbitrary commands via the win_shell_execute function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 5.2.3 |