Vulnerabilities > CVE-2007-1382 - Local Security vulnerability in PHP
Attack vector
LOCAL Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 1 | |
Application | 1 |
Exploit-Db
description | PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit. CVE-2007-1382. Local exploit for windows platform |
file | exploits/windows/local/3429.php |
id | EDB-ID:3429 |
last seen | 2016-01-31 |
modified | 2007-03-07 |
platform | windows |
port | |
published | 2007-03-07 |
reporter | N/A |
source | https://www.exploit-db.com/download/3429/ |
title | PHP COM extensions inconsistent Win32 safe_mode Bypass Exploit |
type | local |