QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2666

Published: Jun 20, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_HP

20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

mailing-list

x_refsource_BUGTRAQ

http://wiki.rpath.com/Advisories:rPSA-2009-0035

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_HP

APPLE-SA-2009-05-12

vendor-advisory

x_refsource_APPLE

php-chdir-ftoc-security-bypass(43198)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_CERT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_SECUNIA

20080617 PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass

third-party-advisory

x_refsource_SREASONRES

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.