ID CVE-2007-5424
Summary The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
References
Vulnerable Configurations
  • cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 21:44)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20071010 Vulnerabilities digest
misc
sreason 3216
statements via4
contributor Mark J Cox
lastmodified 2007-10-16
organization Red Hat
statement Red Hat does not consider this to be a security issue. The function behaves as documented. Furthermore, the function shouldn’t be considered a security feature, for reasons described at https://bugzilla.redhat.com/show_bug.cgi?id=332451#c3 and http://www.php.net/security-note.php
Last major update 15-10-2018 - 21:44
Published 12-10-2007 - 23:17
Back to Top