CVE-2004-1392

2005-02-0605:00:00

[email protected]

web.nvd.nist.gov

php

curl

remote file read

open_basedir

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.6 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

Affected configurations

NVD

Node

phpphpMatch4.0

phpphpMatch4.0.1

phpphpMatch4.0.1patch1

phpphpMatch4.0.1patch2

phpphpMatch4.0.2

phpphpMatch4.0.3

phpphpMatch4.0.3patch1

phpphpMatch4.0.4

phpphpMatch4.0.5

phpphpMatch4.0.6

phpphpMatch4.0.7

phpphpMatch4.0.7rc1

phpphpMatch4.0.7rc2

phpphpMatch4.0.7rc3

CPENameOperatorVersion
php:phpphpeq4.0
php:phpphpeq4.0.1
php:phpphpeq4.0.2
php:phpphpeq4.0.3
php:phpphpeq4.0.4
php:phpphpeq4.0.5
php:phpphpeq4.0.6
php:phpphpeq4.0.7