CVE Vulnerabilities

CVE-2007-1710

Published: Mar 27, 2007 | Modified: Oct 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:L/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a php://../../ sequence.

Affected Software

Name Vendor Start Version End Version
Php Php 4.4.4 4.4.4
Php Php 5.1.6 5.1.6
Php Php 5.2.1 5.2.1

References