Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2008-5624
HistoryDec 17, 2008 - 5:30 p.m.

CVE-2008-5624

2008-12-1717:30:00
CWE-264
[email protected]
web.nvd.nist.gov
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.016

Percentile

87.5%

JSON

PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to be restricted to root, as demonstrated by a setting of /etc for the error_log variable.

Affected configurations

Nvd
Node
phpphpMatch5.0.0
OR
phpphpMatch5.0.0beta1
OR
phpphpMatch5.0.0beta2
OR
phpphpMatch5.0.0beta3
OR
phpphpMatch5.0.0beta4
OR
phpphpMatch5.0.0rc1
OR
phpphpMatch5.0.0rc2
OR
phpphpMatch5.0.0rc3
OR
phpphpMatch5.0.1
OR
phpphpMatch5.0.2
OR
phpphpMatch5.0.3
OR
phpphpMatch5.0.4
OR
phpphpMatch5.0.5
OR
phpphpMatch5.1.0
OR
phpphpMatch5.1.1
OR
phpphpMatch5.1.2
OR
phpphpMatch5.1.3
OR
phpphpMatch5.1.4
OR
phpphpMatch5.1.5
OR
phpphpMatch5.1.6
OR
phpphpMatch5.2.0
OR
phpphpMatch5.2.1
OR
phpphpMatch5.2.2
OR
phpphpMatch5.2.3
OR
phpphpMatch5.2.4
OR
phpphpMatch5.2.5
OR
phpphpMatch5.2.6
OR
phpphpMatch5.2.7
VendorProductVersionCPE
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
phpphp5.0.0cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
phpphp5.0.1cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
phpphp5.0.2cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 281

Related

ubuntucve 1
cve 1
prion 1
cvelist 1
openvas 18
nessus 11
osv 1
debian 1
ubuntu 1
gentoo 1
ubuntucve
ubuntucve
CVE-2008-5624
2008-12-17 00:00:00
cve
cve
CVE-2008-5624
2008-12-17 17:30:00
prion
prion
Design/Logic Flaw
2008-12-17 17:30:00
cvelist
cvelist
CVE-2008-5624
2008-12-17 17:00:00
openvas
openvas
PHP Security Bypass and File Writing Vulnerability (Dec 2008)
2008-12-26 00:00:00
Mandrake Security Advisory MDVSA-2009:045 (php)
2009-02-23 00:00:00
Mandrake Security Advisory MDVSA-2009:045 (php)
2009-02-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : php (MDVSA-2009:045)
2009-04-23 00:00:00
openSUSE Security Update : apache2-mod_php5 (apache2-mod_php5-1993)
2010-02-23 00:00:00
Debian DSA-1789-1 : php5 - several vulnerabilities
2009-05-06 00:00:00
osv
osv
php5 - several vulnerabilities
2009-05-04 00:00:00
debian
debian
[SECURITY] [DSA 1789-1] New php5 packages fix several vulnerabilities
2009-05-04 20:57:57
ubuntu
ubuntu
PHP vulnerabilities
2009-02-12 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2010-01-05 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.5

Confidence

High

EPSS

0.016

Percentile

87.5%

JSON
Related for NVD:CVE-2008-5624
ubuntucve1cve1prion1cvelist1openvas18nessus11osv1debian1ubuntu1gentoo1