CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

Affected Software

Name	Vendor	Start Version	End Version
Php	Php	4.0 (including)	4.0 (including)
Php	Php	4.0.1 (including)	4.0.1 (including)
Php	Php	4.0.1-patch1 (including)	4.0.1-patch1 (including)
Php	Php	4.0.1-patch2 (including)	4.0.1-patch2 (including)
Php	Php	4.0.2 (including)	4.0.2 (including)
Php	Php	4.0.3 (including)	4.0.3 (including)
Php	Php	4.0.3-patch1 (including)	4.0.3-patch1 (including)
Php	Php	4.0.4 (including)	4.0.4 (including)
Php	Php	4.0.5 (including)	4.0.5 (including)
Php	Php	4.0.6 (including)	4.0.6 (including)
Php	Php	4.0.7 (including)	4.0.7 (including)
Php	Php	4.0.7-rc1 (including)	4.0.7-rc1 (including)
Php	Php	4.0.7-rc2 (including)	4.0.7-rc2 (including)
Php	Php	4.0.7-rc3 (including)	4.0.7-rc3 (including)
Php	Php	4.1.0 (including)	4.1.0 (including)
Php	Php	4.1.1 (including)	4.1.1 (including)
Php	Php	4.1.2 (including)	4.1.2 (including)
Php	Php	4.2 (including)	4.2 (including)
Php	Php	4.2.0 (including)	4.2.0 (including)
Php	Php	4.2.1 (including)	4.2.1 (including)
Php	Php	4.2.2 (including)	4.2.2 (including)
Php	Php	4.2.3 (including)	4.2.3 (including)
Php	Php	4.3.0 (including)	4.3.0 (including)
Php	Php	4.3.1 (including)	4.3.1 (including)
Php	Php	4.3.2 (including)	4.3.2 (including)
Php	Php	4.3.3 (including)	4.3.3 (including)
Php	Php	4.3.4 (including)	4.3.4 (including)
Php	Php	4.3.5 (including)	4.3.5 (including)
Php	Php	4.3.6 (including)	4.3.6 (including)
Php	Php	4.3.8 (including)	4.3.8 (including)
Php	Php	4.3.9 (including)	4.3.9 (including)
Php	Php	4.3.10 (including)	4.3.10 (including)
Php	Php	4.3.11 (including)	4.3.11 (including)
Php	Php	4.4.0 (including)	4.4.0 (including)
Php	Php	4.4.1 (including)	4.4.1 (including)
Php	Php	4.4.2 (including)	4.4.2 (including)
Php	Php	4.4.3 (including)	4.4.3 (including)
Php	Php	4.4.4 (including)	4.4.4 (including)
Php	Php	5.0-rc1 (including)	5.0-rc1 (including)
Php	Php	5.0-rc2 (including)	5.0-rc2 (including)
Php	Php	5.0-rc3 (including)	5.0-rc3 (including)
Php	Php	5.0.0 (including)	5.0.0 (including)
Php	Php	5.0.1 (including)	5.0.1 (including)
Php	Php	5.0.2 (including)	5.0.2 (including)
Php	Php	5.0.3 (including)	5.0.3 (including)
Php	Php	5.0.4 (including)	5.0.4 (including)
Php	Php	5.0.5 (including)	5.0.5 (including)
Php	Php	5.1.0 (including)	5.1.0 (including)
Php	Php	5.1.1 (including)	5.1.1 (including)
Php	Php	5.1.2 (including)	5.1.2 (including)
Php	Php	5.1.3 (including)	5.1.3 (including)
Php	Php	5.1.4 (including)	5.1.4 (including)
Php	Php	5.1.5 (including)	5.1.5 (including)
Php	Php	5.1.6 (including)	5.1.6 (including)
Php5	Ubuntu	dapper	*
Php5	Ubuntu	devel	*
Php5	Ubuntu	edgy	*
Php5	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4625
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References