Vulnerabilities > CVE-2007-0448 - Unspecified vulnerability in PHP 5.2.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Exploit-Db
| description | PHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability. CVE-2007-0448. Local exploit for php platform |
| id | EDB-ID:29528 |
| last seen | 2016-02-03 |
| modified | 2007-01-26 |
| published | 2007-01-26 |
| reporter | Maksymilian Arciemowicz |
| source | https://www.exploit-db.com/download/29528/ |
| title | PHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability |
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_5_2_0.NASL |
| description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31649 |
| published | 2008-03-25 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31649 |
| title | PHP 5.x < 5.2 Multiple Vulnerabilities |
Statements
contributor Vincent Danen lastmodified 2007-09-21 organization Mandriva statement Due to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue. contributor Mark J Cox lastmodified 2007-05-29 organization Red Hat statement We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php