Vulnerabilities > CVE-2006-7204 - Unspecified vulnerability in PHP

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

php

NVD

Published: 2007-05-22

Updated: 2023-01-19

Summary

The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 5.1.0 PHP PHP 5.1.1 PHP PHP 5.1.2 PHP PHP 5.1.3 PHP PHP 5.1.4 PHP PHP 4.4.0 PHP PHP 4.4.1 PHP PHP 4.4.2 PHP PHP 4.4.3	37

Statements

contributor	Vincent Danen
lastmodified	2007-09-21
organization	Mandriva
statement	Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue.

contributor	Mark J Cox
lastmodified	2007-05-29
organization	Red Hat
statement	We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php

Summary

Vulnerable Configurations

Statements

References