CVE-2007-3378
Published: Jun 29, 2007
Modified: Aug 7, 2024
Status: PUBLISHED
Description
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References

| Reference | Type | Source |
|---|---|---|
| 2831 | third-party-advisory | x_refsource_SREASON |
| http://www.php.net/ChangeLog-5.php#5.2.5 | | x_refsource_CONFIRM |
| 26822 | third-party-advisory | x_refsource_SECUNIA |
| 28750 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2008-0059 | vdb-entry | x_refsource_VUPEN |
| php-sessionsavepath-errorlog-security-bypass(39403) | vdb-entry | x_refsource_XF |
| GLSA-200710-02 | vendor-advisory | x_refsource_GENTOO |
| ADV-2008-0924 | vdb-entry | x_refsource_VUPEN |
| http://securityreason.com/achievement_exploitalert/9 | | x_refsource_MISC |
| http://www.php.net/releases/4_4_8.php | | x_refsource_CONFIRM |
| SSA:2008-045-03 | vendor-advisory | x_refsource_SLACKWARE |
| 30040 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2008-0398 | vdb-entry | x_refsource_VUPEN |
| http://www.php.net/releases/5_2_5.php | | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-5.php#5.2.4 | | x_refsource_CONFIRM |
| 28936 | third-party-advisory | x_refsource_SECUNIA |
| 2007-0026 | vendor-advisory | x_refsource_TRUSTIX |
| 29420 | third-party-advisory | x_refsource_SECUNIA |
| APPLE-SA-2008-03-18 | vendor-advisory | x_refsource_APPLE |
| https://issues.rpath.com/browse/RPL-1693 | | x_refsource_CONFIRM |
| SSRT080056 | vendor-advisory | x_refsource_HP |
| 3389 | third-party-advisory | x_refsource_SREASON |
| 27648 | third-party-advisory | x_refsource_SECUNIA |
| 20070627 PHP 5.2.3 PHP 4.4.7, htaccess safemode and open_basedir Bypass | third-party-advisory | x_refsource_SREASONRES |
| https://issues.rpath.com/browse/RPL-1702 | | x_refsource_CONFIRM |
| 26838 | third-party-advisory | x_refsource_SECUNIA |
| 27377 | third-party-advisory | x_refsource_SECUNIA |
| 20070627 PHP 4/5 htaccess safemode and open_basedir Bypass | mailing-list | x_refsource_BUGTRAQ |
| HPSBUX02332 | vendor-advisory | x_refsource_HP |
| php-htaccess-security-bypass(35102) | vdb-entry | x_refsource_XF |
| http://docs.info.apple.com/article.html?artnum=307562 | | x_refsource_CONFIRM |
| http://www.php.net/ChangeLog-4.php | | x_refsource_CONFIRM |
| 27102 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2007-3023 | vdb-entry | x_refsource_VUPEN |
| http://www.php.net/releases/5_2_4.php | | x_refsource_CONFIRM |
| SSRT080010 | vendor-advisory | x_refsource_HP |
| 28318 | third-party-advisory | x_refsource_SECUNIA |
| HPSBUX02308 | vendor-advisory | x_refsource_HP |
| 25498 | vdb-entry | x_refsource_BID |
| oval:org.mitre.oval:def:6056 | vdb-entry, signature | x_refsource_OVAL |
| 26642 | third-party-advisory | x_refsource_SECUNIA |
| 24661 | vdb-entry | x_refsource_BID |
| 38682 | vdb-entry | x_refsource_OSVDB |
| [oss-security] 20200917 Apache + PHP <= 7.4.10 open_basedir bypass | mailing-list | x_refsource_MLIST |
| 20200918 Apache + PHP <= 7.4.10 open_basedir bypass | mailing-list | x_refsource_FULLDISC |