ID CVE-2004-1020
Summary The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 11981
bugtraq 20041216 PHP Input Validation Vulnerabilities
conectiva CLA-2005:915
confirm http://www.php.net/release_4_3_10.php
gentoo GLSA-200412-14
hp HPSBMA01212
mandrake MDKSA-2004:151
xf php-addslashes-view-files(18516)
statements via4
contributor Joshua Bressers
lastmodified 2007-08-26
organization Red Hat
statement Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. There are no known uses of this function which could allow a remote attacker to execute arbitrary code.
Last major update 11-07-2017 - 01:30
Published 10-01-2005 - 05:00
Last modified 11-07-2017 - 01:30
Back to Top