exploitDog

CVE-2008-2666

Опубликовано: 18 июн. 2008

Источник: redhat

Описание

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

Отчет

We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-2666

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=452207php: chdir(), ftok() (standard ext) safe_mode bypass safe_mode bypass

Связанные уязвимости

CVE-2008-2666

nvd

около 17 лет назад

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.

CVE-2008-2666

debian

около 17 лет назад

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...

GHSA-h2vh-q3r8-9vv4

github

около 3 лет назад

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to the (1) chdir or (2) ftok function.