Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP4.x至4.3.9及5.x至5.0.2版本中存在绕过安全模式限制漏洞。 当以safe_mode方式运行于多线程Unix系统下时,本地攻击者可以利用这个漏洞,通过在目录名中注入shell的方式,绕过safe_mode_exec_dir限制,执行其他位置中的命令。
CVSS Information
N/A
Vulnerability Type
N/A