Computer Security
[EN] securityvulns.ru no-pyccku


PHP COM extension safe_mode protection bypass
Published:10.03.2007
Source:
SecurityVulns ID:7379
Type:local
Threat Level:
5/10
Description:WScript.Shell COM object allows execution of any commands.
CVE:CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.)
Files:PHP COM extensions (inconsistent Win32) safe_mode bypass

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod