Description

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Remediation

References

CVE-2009-4018

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9582)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409)

WordPress Plugin easyping-website subscriptions done right PHP Object Injection (0.0.1)

WordPress Plugin On Page SEO + Social Live Chat (Formerly OPS) Cross-Site Scripting (1.0.1)

Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)

Severity

High

Classification

CVE-2009-4018 CWE-264

Tags

Missing Update Known Vulnerabilities