WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-3007)

Description

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.

Remediation

References

Related Vulnerabilities

WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)

phpBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-3880)

WordPress Plugin Facebook Like Box Multiple Vulnerabilities (2.9.1)

Moodle CVE-2009-0501 Vulnerability (CVE-2009-0501)

ATutor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6528)

Severity

Medium

Classification

CVE-2007-3007 CWE-264

Tags

Missing Update Known Vulnerabilities