ID CVE-2007-1710
Summary The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:L/Au:S/C:P/I:P/A:P
refmap via4
exploit-db 3573
hp
  • HPSBMA02215
  • HPSBTU02232
  • SSRT071423
  • SSRT071429
secunia
  • 25423
  • 25850
vupen
  • ADV-2007-1991
  • ADV-2007-2374
statements via4
contributor Mark J Cox
lastmodified 2007-04-17
organization Red Hat
statement We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Last major update 11-10-2017 - 01:31
Published 27-03-2007 - 01:19
Back to Top