Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP 多个函数 访问控制漏洞
Vulnerability Description
PHP 是一种 HTML 内嵌式的语言,是一种在服务器端执行的嵌入HTML文档的脚本语言。 PHP 5.2.5版本中存在多个函数访问控制漏洞。由于没有为某些函数执行(a)open_basedir和(b)safe_mode_exec_dir限制,这可能使得本地用户可以借助(1)exec,(2)system,(3)shell_exec,(4)passthru或(5)popen函数,绕过设置的访问限制和呼叫设置的目录外的程序。它可能涉及路径名,比如"C:"驱动符。
CVSS Information
N/A
Vulnerability Type
N/A