Vulnerabilities > CVE-2007-5424 - Security Bypass vulnerability in PHP 4.0/5.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
Nessus
| NASL family | CGI abuses |
| NASL id | PHP_5_2_0.NASL |
| description | According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several variables processed by some PHP functions such as |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 31649 |
| published | 2008-03-25 |
| reporter | This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/31649 |
| title | PHP 5.x < 5.2 Multiple Vulnerabilities |
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-10-16 |
| organization | Red Hat |
| statement | Red Hat does not consider this to be a security issue. The function behaves as documented. Furthermore, the function shouldn’t be considered a security feature, for reasons described at https://bugzilla.redhat.com/show_bug.cgi?id=332451#c3 and http://www.php.net/security-note.php |