CVE-2007-4850

Severity

50%

Complexity

99%

Confidentiality

48%

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

PHP

First reported 17 years ago

2008-01-25 01:00:00

Last updated 6 years ago

2018-10-15 21:38:00

Affected Software

PHP 5.2.4

5.2.4

PHP 5.2.5

5.2.5

References

http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markup

Exploit

APPLE-SA-2008-07-31

APPLE-SA-2008-10-09

20080122 PHP 5.2.5 cURL safe_mode bypass

Exploit

30048

30411

31200

31326

32222

20080122 PHP 5.2.5 cURL safe_mode bypass

Exploit

3562

http://support.apple.com/kb/HT3216

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178

MDVSA-2009:022

MDVSA-2009:023

[oss-security] 20080502 CVE Request (PHP)

http://www.php.net/ChangeLog-5.php

20080122 PHP 5.2.5 cURL safe_mode bypass

20080527 rPSA-2008-0178-1 php php-mysql php-pgsql

27413

29009

31681

USN-628-1

ADV-2008-1412

ADV-2008-2268

ADV-2008-2780

php-curlinit-security-bypass(39852)

php-safemode-directive-security-bypass(42134)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.