PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php | Php | 4.0 (including) | 4.0 (including) |
Php | Php | 4.0.1 (including) | 4.0.1 (including) |
Php | Php | 4.0.1-patch1 (including) | 4.0.1-patch1 (including) |
Php | Php | 4.0.1-patch2 (including) | 4.0.1-patch2 (including) |
Php | Php | 4.0.2 (including) | 4.0.2 (including) |
Php | Php | 4.0.3 (including) | 4.0.3 (including) |
Php | Php | 4.0.3-patch1 (including) | 4.0.3-patch1 (including) |
Php | Php | 4.0.4 (including) | 4.0.4 (including) |
Php | Php | 4.0.5 (including) | 4.0.5 (including) |
Php | Php | 4.0.6 (including) | 4.0.6 (including) |
Php | Php | 4.0.7 (including) | 4.0.7 (including) |
Php | Php | 4.0.7-rc1 (including) | 4.0.7-rc1 (including) |
Php | Php | 4.0.7-rc2 (including) | 4.0.7-rc2 (including) |
Php | Php | 4.0.7-rc3 (including) | 4.0.7-rc3 (including) |
Red Hat Enterprise Linux 3 | RedHat | php-0:4.3.2-23.ent | * |
Red Hat Enterprise Linux 4 | RedHat | php-0:4.3.9-3.6 | * |
Php4 | Ubuntu | dapper | * |
Php4 | Ubuntu | edgy | * |
Php5 | Ubuntu | dapper | * |
Php5 | Ubuntu | devel | * |
Php5 | Ubuntu | edgy | * |
Php5 | Ubuntu | feisty | * |