CVE-2004-2692

The CVE-2004-2692 entry concerns the exec_dir PHP patch (php-exec-dir) versions 4.3.2 through 4.3.7 (with safe mode disabled). The underlying issue is that a backtick command operator is not handled by php_escape_shell_cmd, allowing remote attackers to bypass restrictions and execute arbitrary co...