5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.007 Low
EPSS
Percentile
79.2%
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode
restriction in certain cases, which allows context-dependent attackers to
determine the existence of arbitrary files by checking if the readfile
function returns a string. NOTE: this issue might also involve the
realpath function.
Author | Note |
---|---|
kees | basedir bypass |