Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP proc_open()绕过safe_mode_protected_env_var限制漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP没有执行任何检查便允许传送对proc_open所指定的环境变量,这就忽略了safe_mode_allowed_env_vars和safe_mode_protected_env_vars设置。用户可以绕过safe_mode限制访问Apache UID可访问的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A