Description

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Remediation

References

CVE-2001-1247

Related Vulnerabilities

PHP Other Vulnerability (CVE-2002-0717)

Jetty Other Vulnerability (CVE-2020-27216)

WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0215)

Java Unspesificed Vulnerability (CVE-2019-2422)

Severity

Medium

Classification

CVE-2001-1247 CWE-264

Tags

Missing Update Known Vulnerabilities