remote command execution in mod_php, mod_php4

ID SUSE-SA:2002:007
Type suse
Reporter Suse
Modified 2002-02-28T20:59:29


The e-matters team have found multiple remotely exploitable vulnerabilites in the source code responsible for file upload in the apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker.