CVE-2004-0542

2004-06-1004:00:00

mitre

www.cve.org

7.4 High

AI Score

Confidence

High

0.92 High

EPSS

Percentile

98.9%

JSON

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the “%”, “|”, or “>” characters to the escapeshellcmd function, or (2) the “%” character to the escapeshellarg function.

References

www.idefense.com/application/poi/display?id=108

www.php.net/release_4_3_7.php

exchange.xforce.ibmcloud.com/vulnerabilities/16331