ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php_encoder | Ioncube | 6.5 (including) | 6.5 (including) |
| Php | Php | 5.2.4 (including) | 5.2.4 (including) |
References
- http://osvdb.org/41708
- http://secunia.com/advisories/27178
- http://www.securityfocus.com/bid/26024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37227
- https://www.exploit-db.com/exploits/4517
- http://osvdb.org/41708
- http://secunia.com/advisories/27178
- http://www.securityfocus.com/bid/26024
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37227
- https://www.exploit-db.com/exploits/4517