Computer Security


PHP Safe Mode protection bypass
Published: 28.01.2007
Source:
SecurityVulns ID: 7123
Type: local
Threat Level: 6/10
Description: It's possible to traverse working directory protection by using writing mode (srpath://../ file prefix for fopen()).
Affected: PHP : PHP 5.2
CVE: CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.)
Original document: SecurityReason, [Full-disclosure] PHP 5.2.0 safe_mode bypass (by Writing Mode) (28.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod