CVE-2006-4625
Published: Sep 12, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| ADV-2007-1991 | vdb-entry | x_refsource_VUPEN |
| 22338 | third-party-advisory | x_refsource_SECUNIA |
| SSRT071423 | vendor-advisory | x_refsource_HP |
| 20060909 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() | mailing-list | x_refsource_BUGTRAQ |
| OpenPKG-SA-2006.023 | vendor-advisory | x_refsource_OPENPKG |
| 1519 | third-party-advisory | x_refsource_SREASON |
| TLSA-2006-38 | vendor-advisory | x_refsource_TURBO |
| USN-362-1 | vendor-advisory | x_refsource_UBUNTU |
| 20060913 Re: PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() | mailing-list | x_refsource_BUGTRAQ |
| HPSBTU02232 | vendor-advisory | x_refsource_HP |
| SSRT071429 | vendor-advisory | x_refsource_HP |
| ADV-2007-2374 | vdb-entry | x_refsource_VUPEN |
| 25423 | third-party-advisory | x_refsource_SECUNIA |
| 22282 | third-party-advisory | x_refsource_SECUNIA |
| 19933 | vdb-entry | x_refsource_BID |
| php-inirestore-security-bypass(28853) | vdb-entry | x_refsource_XF |
| HPSBMA02215 | vendor-advisory | x_refsource_HP |
| SUSE-SA:2006:059 | vendor-advisory | x_refsource_SUSE |
| MDKSA-2006:185 | vendor-advisory | x_refsource_MANDRIVA |
| 22331 | third-party-advisory | x_refsource_SECUNIA |
| 25850 | third-party-advisory | x_refsource_SECUNIA |
| 20060909 PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore() | third-party-advisory | x_refsource_SREASONRES |
| 22424 | third-party-advisory | x_refsource_SECUNIA |