CVE-2007-4528 - Unspecified vulnerability in PHP 5.0.5
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function, as demonstrated by kernel32.dll and the WinExec function. NOTE: this issue does not cross privilege boundaries in most contexts, so perhaps it should not be included in CVE.
Exploit-Db
description | PHP FFI Extension 5.0.5 Local Safe_mode Bypass Exploit. CVE-2007-4528. Local exploit for windows platform |
file | exploits/windows/local/4311.php |
id | EDB-ID:4311 |
last seen | 2016-01-31 |
modified | 2007-08-23 |
platform | windows |
port | |
published | 2007-08-23 |
reporter | NetJackal |
source | https://www.exploit-db.com/download/4311/ |
title | PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit |
type | local |
Nessus
NASL family | CGI abuses |
NASL id | PHP_FFI_SECURITY_BYPASS.NASL |
description | According to its banner, the version of PHP installed on the remote host is affected by a security bypass vulnerability. The Foreign Function Interface (ffi) extension does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code by loading an arbitrary DLL and calling a function. |
last seen | 2020-05-03 |
modified | 2011-11-18 |
plugin id | 17714 |
published | 2011-11-18 |
reporter | This script is Copyright (C) 2011-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17714 |
title | PHP Foreign Function Interface Arbitrary DLL Loading safe_mode Restriction Bypass |