Lucene search

[email protected]NVD:CVE-2008-7002

HistoryAug 19, 2009 - 5:24 a.m.

CVE-2008-7002

2009-08-1905:24:52

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as “C:” drive notation.

Affected configurations

Nvd

Node

phpphpMatch5.2.5

VendorProductVersionCPE
phpphp5.2.5cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	5.2.5	cpe:2.3:a:php:php:5.2.5:::::::*

References

downloads.securityfocus.com/vulnerabilities/exploits/31064.php

www.securityfocus.com/bid/31064

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2008-7002

exploitdb1 cvelist1 cve1 openvas3 prion1 ubuntucve1 nessus1 gentoo1