CVE-2008-2665

Published: 20/06/2008 Updated: 11/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after the safe_mode check has successfully run.

Vulnerable Product

php php 5.2.6

Vendor Advisories

Debian Bug report logs - #507857 php5/ext/zip: ZipArchive::extractTo() Directory Traversal Vulnerability. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5. Reported by: Raphael Geissert <atomo64@gmail.com> Date: Fri, ...
Debian Bug report logs - #507101 php5 dba ext: the inifile handler for the dba functions can be used to truncate a file. Package: php5; Maintainer for php5 is Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>; Source for php5 is src:php5. Reported by: Raphael Geissert <atomo64@gmail.com> ...