CVE-2007-1382 - Local Security vulnerability in PHP

CVSS 6.8 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: local, low complexity, microsoft, php, exploit available

Summary

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

Vulnerable Configurations

Part         Description  Count
OS           Microsoft    1
Application  Php          1

Exploit-Db

description: PHP COM extensions (inconsistent Win32) safe_mode Bypass Exploit. CVE-2007-1382. Local exploit for windows platform
file: exploits/windows/local/3429.php
id: EDB-ID:3429
last seen: 2016-01-31
modified: 2007-03-07
platform: windows
port:
published: 2007-03-07
reporter: N/A
source: https://www.exploit-db.com/download/3429/
title: PHP COM extensions inconsistent Win32 safe_mode Bypass Exploit
type: local