CVE-2008-2051

Severity

99%

Complexity

99%

Confidentiality

165%

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."

CVSS 2.0 Base Score 9.9. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

PHP

First reported 16 years ago

2008-05-05 17:20:00

Last updated 6 years ago

2018-10-11 20:38:00

Affected Software

PHP PHP 5.0.0 Beta1

5.0.0

PHP PHP 5.0.0 Beta2

5.0.0

PHP PHP 5.0.0 Beta3

5.0.0

PHP PHP 5.0.0 Beta4

5.0.0

PHP PHP 5.0.0 RC1

5.0.0

PHP PHP 5.0.0 RC2

5.0.0

PHP PHP 5.0.0 RC3

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP PHP 5.1.3

5.1.3

PHP 5.1.4

5.1.4

PHP PHP 5.1.5

5.1.5

PHP PHP 5.1.6

5.1.6

PHP 5.2.0

5.2.0

PHP 5.2.1

5.2.1

PHP 5.2.2

5.2.2

PHP 5.2.3

5.2.3

PHP 5.2.4

5.2.4

PHP PHP

References

APPLE-SA-2008-07-31

SUSE-SR:2008:014

30048

30083

30158

30288

30345

30411

30757

30828

30967

31119

31124

31200

31326

32746

GLSA-200811-05

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178

DSA-1572

DSA-1578

MDVSA-2008:125

MDVSA-2008:126

MDVSA-2008:127

MDVSA-2008:128

[oss-security] 20080502 CVE Request (PHP)

http://www.php.net/ChangeLog-5.php

RHSA-2008:0505

RHSA-2008:0544

RHSA-2008:0545

RHSA-2008:0546

RHSA-2008:0582

20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl

20080527 rPSA-2008-0178-1 php php-mysql php-pgsql

29009

SSA:2008-128-01

USN-628-1

ADV-2008-1412

ADV-2008-2268

https://issues.rpath.com/browse/RPL-2503

oval:org.mitre.oval:def:10256

FEDORA-2008-3864

FEDORA-2008-3606

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.