CVE

Id
37119  
CVE No.
CVE-2008-7002  
Status
Candidate  
Description
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.  
Phase
Assigned (20090817)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
403337 37119 CVE-2008-7002 MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/31064.php  View
403338 37119 CVE-2008-7002 BID:31064  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
44656 JVNDB-2009-005663 Free PHP VX Guestbook におけるデータベースのバックアップをダウンロードされる脆弱性 Free PHP VX Guestbook には、認証を回避される、およびデータベースのバックアップをダウンロードされる脆弱性が存在します。 CVE-2008-7006 37119 5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005663.html  View