CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

Published : 2007-05-24 18:30 Updated : 2008-09-11 00:49

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Php Php 5.2.0 cpe:/a:php:php:5.2.0
  1. Php (1) Search CVE
    1. Php (1) Search CVE
      1. 5.2.0

CWE

There is no CWE for this CVE.

History of changes

Date Event
2007-05-24 18:30

New CVE