Lucene search

MitreCVE-2006-3011

HistoryJun 26, 2006 - 9:05 p.m.

CVE-2006-3011

2006-06-2621:05:00

CWE-264

mitre

web.nvd.nist.gov

php

error_log

safe mode

open_basedir

bypass

cve-2006-3011

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

30.1%

JSON

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a “php://” or other scheme in the third argument, which disables safe mode.

Affected configurations

Nvd

Node

phpphpRange≤4.4.3

phpphpMatch1.0

phpphpMatch2.0

phpphpMatch2.0b10

phpphpMatch3.0

phpphpMatch3.0.1

phpphpMatch3.0.2

phpphpMatch3.0.3

phpphpMatch3.0.4

phpphpMatch3.0.5

phpphpMatch3.0.6

phpphpMatch3.0.7

phpphpMatch3.0.8

phpphpMatch3.0.9

phpphpMatch3.0.10

phpphpMatch3.0.11

phpphpMatch3.0.12

phpphpMatch3.0.13

phpphpMatch3.0.14

phpphpMatch3.0.15

phpphpMatch3.0.16

phpphpMatch3.0.17

phpphpMatch3.0.18

phpphpMatch4.0beta_4_patch1

phpphpMatch4.0beta1

phpphpMatch4.0beta2

phpphpMatch4.0beta3

phpphpMatch4.0beta4

phpphpMatch4.0.0

phpphpMatch4.0.1

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.1.0

phpphpMatch4.1.1

phpphpMatch4.1.2

phpphpMatch4.2.0

phpphpMatch4.2.1

phpphpMatch4.2.2

phpphpMatch4.2.3

phpphpMatch4.3.0

phpphpMatch4.3.1

phpphpMatch4.3.2

phpphpMatch4.3.3

phpphpMatch4.3.4

phpphpMatch4.3.5

phpphpMatch4.3.6

phpphpMatch4.3.7

phpphpMatch4.3.8

phpphpMatch4.3.9

phpphpMatch4.3.10

phpphpMatch4.3.11

phpphpMatch4.4.0

phpphpMatch4.4.1

phpphpMatch4.4.2

Node

phpphpMatch5.0.0

phpphpMatch5.0.0beta1

phpphpMatch5.0.0beta2

phpphpMatch5.0.0beta3

phpphpMatch5.0.0beta4

phpphpMatch5.0.0rc1

phpphpMatch5.0.0rc2

phpphpMatch5.0.0rc3

phpphpMatch5.0.1

phpphpMatch5.0.2

phpphpMatch5.0.3

phpphpMatch5.0.4

phpphpMatch5.0.5

phpphpMatch5.1.0

phpphpMatch5.1.1

phpphpMatch5.1.2

phpphpMatch5.1.3

phpphpMatch5.1.4

phpphpMatch5.1.6

VendorProductVersionCPE
phpphp3.0.7cpe:/a:php:php:3.0.7:::
phpphp3.0.11cpe:/a:php:php:3.0.11:::
phpphp3.0.10cpe:/a:php:php:3.0.10:::
phpphp3.0.17cpe:/a:php:php:3.0.17:::
phpphp4.0.4cpe:/a:php:php:4.0.4:::
phpphp4.0.5cpe:/a:php:php:4.0.5:::
phpphp4.3.0cpe:/a:php:php:4.3.0:::
phpphp4.3.3cpe:/a:php:php:4.3.3:::
phpphp4.3.4cpe:/a:php:php:4.3.4:::
phpphp3.0.5cpe:/a:php:php:3.0.5:::

Vendor	Product	Version	CPE
php	php	3.0.7	cpe:/a:php:php:3.0.7:::
php	php	3.0.11	cpe:/a:php:php:3.0.11:::
php	php	3.0.10	cpe:/a:php:php:3.0.10:::
php	php	3.0.17	cpe:/a:php:php:3.0.17:::
php	php	4.0.4	cpe:/a:php:php:4.0.4:::
php	php	4.0.5	cpe:/a:php:php:4.0.5:::
php	php	4.3.0	cpe:/a:php:php:4.3.0:::
php	php	4.3.3	cpe:/a:php:php:4.3.3:::
php	php	4.3.4	cpe:/a:php:php:4.3.4:::
php	php	3.0.5	cpe:/a:php:php:3.0.5:::