CVE-2006-3011

2006-06-2621:05:00

CWE-264

[email protected]

web.nvd.nist.gov

php

error_log

safe mode

open_basedir

bypass

cve-2006-3011

6.2 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.4%

JSON

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a “php://” or other scheme in the third argument, which disables safe mode.

CPENameOperatorVersion
php:phpphpeq4.3.9
php:phpphpeq3.0
php:phpphpeq4.0
php:phpphpeq3.0.5
php:phpphpeq3.0.11
php:phpphpeq4.2.0
php:phpphpeq3.0.1
php:phpphpeq3.0.2
php:phpphpeq4.1.0
php:phpphpeq4.3.4

CPE	Name	Operator	Version
php:php	php	eq	4.3.9
php:php	php	eq	3.0
php:php	php	eq	4.0
php:php	php	eq	3.0.5
php:php	php	eq	3.0.11
php:php	php	eq	4.2.0
php:php	php	eq	3.0.1
php:php	php	eq	3.0.2
php:php	php	eq	4.1.0
php:php	php	eq	4.3.4