Description
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.