Описание
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Ссылки
- Not Applicable
- PatchRelease NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Not Applicable
- PatchRelease NotesVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
10 Critical
CVSS2
Дефекты
Связанные уязвимости
PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
EPSS
10 Critical
CVSS2