remote command execution in mod_php, mod_php4

2002-02-28T20:59:29
ID SUSE-SA:2002:007
Type suse
Reporter Suse
Modified 2002-02-28T20:59:29

Description

The e-matters team have found multiple remotely exploitable vulnerabilites in the source code responsible for file upload in the apache modules mod_php and mod_php4 (versions 3 and 4). The weakness can be used to have the webserver execute arbitrary code as supplied by the attacker.