WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5447)

Description

ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.

Remediation

References

Related Vulnerabilities

MySQL CVE-2013-0368 Vulnerability (CVE-2013-0368)

WordPress Plugin Pierre's Wordspew 'wordspew.php' Multiple SQL Injection Vulnerabilities (5.61)

MySQL CVE-2018-3182 Vulnerability (CVE-2018-3182)

WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)

Severity

Medium

Classification

CVE-2007-5447 CWE-264

Tags

Missing Update Known Vulnerabilities