Vulnerabilities > CVE-2007-1412 - Local Information Disclosure vulnerability in PHP 4.4.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
Exploit-Db
| description | PHP 4.4.6 cpdf_open() Local Source Code Discslosure PoC. CVE-2007-1412. Local exploits for multiple platform |
| file | exploits/multiple/local/3442.php |
| id | EDB-ID:3442 |
| last seen | 2016-01-31 |
| modified | 2007-03-09 |
| platform | multiple |
| port | |
| published | 2007-03-09 |
| reporter | rgod |
| source | https://www.exploit-db.com/download/3442/ |
| title | PHP 4.4.6 cpdf_open Local Source Code Discslosure PoC |
| type | local |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-03-19 |
| organization | Red Hat |
| statement | Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support. |