Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-4026

Опубликовано: 09 июн. 2015
Источник: ubuntu
Приоритет: low
EPSS Средний
CVSS2: 7.5

Описание

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

РелизСтатусПримечание
devel

released

5.6.9+dfsg-1ubuntu1
esm-infra-legacy/trusty

not-affected

5.5.9+dfsg-1ubuntu4.11
precise

released

5.3.10-1ubuntu3.19
trusty

released

5.5.9+dfsg-1ubuntu4.11
trusty/esm

not-affected

5.5.9+dfsg-1ubuntu4.11
upstream

released

5.4.41,5.5.25,5.6.9
utopic

released

5.5.12+dfsg-2ubuntu4.6
vivid

released

5.6.4+dfsg-4ubuntu6.2

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10305
Средний

7.5 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2015-4026

redhat
около 10 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

nvd логотип

CVE-2015-4026

nvd
около 10 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

debian логотип

CVE-2015-4026

debian
около 10 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ...

github логотип

GHSA-2xvw-fxc9-x223

github
около 3 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

fstec логотип

BDU:2022-02534

CVSS3: 6.5
fstec
около 10 лет назад

Уязвимость реализация pcntl_exec интерпретатора языка программирования PHP, связанная с ошибкой при обработке при обработке путей к файлам с символом \x00, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить произвольный код

EPSS

Процентиль: 93%
0.10305
Средний

7.5 High

CVSS2