Description

The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.

Remediation

References

CVE-2007-4010

Related Vulnerabilities

WordPress Plugin Chameleon CSS SQL Injection (1.2)

WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1164)

Joomla! Core Local File Inclusion (2.5.0 - 3.8.8)

WordPress Plugin IMPress Listings Cross-Site Scripting (2.0.1)

Severity

Medium

Classification

CVE-2007-4010

Tags

Missing Update Known Vulnerabilities