Vulnerabilities > CVE-2007-0448 - Unspecified vulnerability in PHP 5.2.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
php
critical
nessus
exploit available

Summary

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

Vulnerable Configurations

Part Description Count
Application
Php
1

Exploit-Db

descriptionPHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability. CVE-2007-0448. Local exploit for php platform
idEDB-ID:29528
last seen2016-02-03
modified2007-01-26
published2007-01-26
reporterMaksymilian Arciemowicz
sourcehttps://www.exploit-db.com/download/29528/
titlePHP 5.2 FOpen Safe_Mode Restriction-Bypass Vulnerability

Nessus

NASL familyCGI abuses
NASL idPHP_5_2_0.NASL
descriptionAccording to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as
last seen2020-06-01
modified2020-06-02
plugin id31649
published2008-03-25
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31649
titlePHP 5.x < 5.2 Multiple Vulnerabilities

Statements

  • contributorVincent Danen
    lastmodified2007-09-21
    organizationMandriva
    statementDue to the nature of safe_mode and open_basedir restrictions, and in alignment with the PHP group’s stance on these features, Mandriva does not consider this a security issue.
  • contributorMark J Cox
    lastmodified2007-05-29
    organizationRed Hat
    statementWe do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php