Back to search
CVE-2007-1369
Published: Mar 9, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
33930
vdb-entry
x_refsource_OSVDB
ADV-2007-0829
vdb-entry
x_refsource_VUPEN
22802
vdb-entry
x_refsource_BID
24501
third-party-advisory
x_refsource_SECUNIA
zend-inimodifier-privilege-escalation(32820)
vdb-entry
x_refsource_XF
32773
vdb-entry
x_refsource_OSVDB
http://www.php-security.org/MOPB/BONUS-07-2007.html
x_refsource_MISC
http://www.zend.com/products/zend_platform/security_vulnerabilities
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now