sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP prior to 5.4.28 and 5.5.x prior to 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |