Back to search
CVE-2007-3007
Published: Jun 4, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
26231
third-party-advisory
x_refsource_SECUNIA
27110
third-party-advisory
x_refsource_SECUNIA
26048
third-party-advisory
x_refsource_SECUNIA
GLSA-200710-02
vendor-advisory
x_refsource_GENTOO
FEDORA-2007-2215
vendor-advisory
x_refsource_FEDORA
25456
third-party-advisory
x_refsource_SECUNIA
2007-0023
vendor-advisory
x_refsource_TRUSTIX
http://www.php.net/releases/5_2_3.php
x_refsource_CONFIRM
24259
vdb-entry
x_refsource_BID
27102
third-party-advisory
x_refsource_SECUNIA
36084
vdb-entry
x_refsource_OSVDB
http://bugs.php.net/bug.php?id=41492
x_refsource_CONFIRM
SUSE-SA:2007:044
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now