CVE-2004-0542

2004-06-1004:00:00

mitre

www.cve.org

AI Score

7.4

Confidence

High

EPSS

0.92

Percentile

98.9%

JSON

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the “%”, “|”, or “>” characters to the escapeshellcmd function, or (2) the “%” character to the escapeshellarg function.

References

www.idefense.com/application/poi/display?id=108

www.php.net/release_4_3_7.php

exchange.xforce.ibmcloud.com/vulnerabilities/16331