CVE-2007-4850
Published: Jan 25, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| ADV-2008-1412 | vdb-entry | x_refsource_VUPEN |
| APPLE-SA-2008-07-31 | vendor-advisory | x_refsource_APPLE |
| 31681 | vdb-entry | x_refsource_BID |
| 29009 | vdb-entry | x_refsource_BID |
| 27413 | vdb-entry | x_refsource_BID |
| ADV-2008-2268 | vdb-entry | x_refsource_VUPEN |
| USN-628-1 | vendor-advisory | x_refsource_UBUNTU |
| 20080122 PHP 5.2.5 cURL safe_mode bypass | mailing-list | x_refsource_BUGTRAQ |
| 20080122 PHP 5.2.5 cURL safe_mode bypass | third-party-advisory | x_refsource_SREASONRES |
| [oss-security] 20080502 CVE Request (PHP) | mailing-list | x_refsource_MLIST |
| 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql | mailing-list | x_refsource_BUGTRAQ |
| 30411 | third-party-advisory | x_refsource_SECUNIA |
| http://www.php.net/ChangeLog-5.php | | x_refsource_CONFIRM |
| MDVSA-2009:023 | vendor-advisory | x_refsource_MANDRIVA |
| MDVSA-2009:022 | vendor-advisory | x_refsource_MANDRIVA |
| 31200 | third-party-advisory | x_refsource_SECUNIA |
| 32222 | third-party-advisory | x_refsource_SECUNIA |
| 20080122 PHP 5.2.5 cURL safe_mode bypass | mailing-list | x_refsource_FULLDISC |
| 3562 | third-party-advisory | x_refsource_SREASON |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178 | | x_refsource_CONFIRM |
| 31326 | third-party-advisory | x_refsource_SECUNIA |
| ADV-2008-2780 | vdb-entry | x_refsource_VUPEN |
| php-safemode-directive-security-bypass(42134) | vdb-entry | x_refsource_XF |
| php-curlinit-security-bypass(39852) | vdb-entry | x_refsource_XF |
| APPLE-SA-2008-10-09 | vendor-advisory | x_refsource_APPLE |
| http://support.apple.com/kb/HT3216 | | x_refsource_CONFIRM |
| 30048 | third-party-advisory | x_refsource_SECUNIA |