Vulnerabilities > CVE-2006-7204 - Unspecified vulnerability in PHP
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 37 |
Statements
contributor Vincent Danen lastmodified 2007-09-21 organization Mandriva statement Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue. contributor Mark J Cox lastmodified 2007-05-29 organization Red Hat statement We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php