Description
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.1)
SharePoint CVE-2024-49070 Vulnerability (CVE-2024-49070)
WordPress Plugin MyBookTable Bookstore by Author Media Cross-Site Scripting (3.2.1)
Oracle Database Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
Zope Web Application Server Other Vulnerability (CVE-2005-3323)