CVE-2007-1710

MEDIUM

Description

The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137

http://secunia.com/advisories/25423

http://secunia.com/advisories/25850

http://www.vupen.com/english/advisories/2007/1991

http://www.vupen.com/english/advisories/2007/2374

https://www.exploit-db.com/exploits/3573

Details

Source: MITRE

Published: 2007-03-27

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.1

Severity: MEDIUM