Vulnerabilities > CVE-2007-1412 - Local Information Disclosure vulnerability in PHP 4.4.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
Exploit-Db
description | PHP 4.4.6 cpdf_open() Local Source Code Discslosure PoC. CVE-2007-1412. Local exploits for multiple platform |
file | exploits/multiple/local/3442.php |
id | EDB-ID:3442 |
last seen | 2016-01-31 |
modified | 2007-03-09 |
platform | multiple |
port | |
published | 2007-03-09 |
reporter | rgod |
source | https://www.exploit-db.com/download/3442/ |
title | PHP 4.4.6 cpdf_open Local Source Code Discslosure PoC |
type | local |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-19 |
organization | Red Hat |
statement | Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support. |