Lucene search

MitreCVE-2008-7002

HistoryAug 19, 2009 - 5:24 a.m.

CVE-2008-7002

2009-08-1905:24:52

CWE-264

mitre

web.nvd.nist.gov

php

open_basedir

safe_mode_exec_dir

security vulnerability

cve-2008-7002

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as “C:” drive notation.

Affected configurations

Nvd

Node

phpphpMatch5.2.5

VendorProductVersionCPE
phpphp5.2.5cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	5.2.5	cpe:2.3:a:php:php:5.2.5:::::::*

References

downloads.securityfocus.com/vulnerabilities/exploits/31064.php

www.securityfocus.com/bid/31064

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2008-7002