CVE-2004-0542
Published: Jun 10, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
http://www.php.net/release_4_3_7.php
x_refsource_CONFIRM
php-escapeshellarg-execute-command(16331)
vdb-entry
x_refsource_XF
http://www.idefense.com/application/poi/display?id=108
x_refsource_MISC