PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

Published : 2009-08-19 05:24 Updated : 2009-08-19 04:00

CVSS Score More info
Score 7.2 / 10
Vendor Product Version URI
Php Php 5.2.5 cpe:/a:php:php:5.2.5
  1. Php (1) Search CVE
    1. Php (1) Search CVE
      1. 5.2.5


ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2009-08-19 05:24