CVE-2014-0185

2014-05-06T10:44:00
ID CVE-2014-0185
Type cve
Reporter cve@mitre.org
Modified 2017-01-07T02:59:00

Description

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.