CVE-2008-2051

2008-05-0500:00:00

ubuntu.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.017 Low

EPSS

Percentile

87.5%

JSON

The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and
context-dependent attack vectors related to “incomplete multibyte chars.”

Bugs

<https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464>

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchphp5< 5.1.2-1ubuntu3.12UNKNOWN
ubuntu7.04noarchphp5< 5.2.1-0ubuntu1.6UNKNOWN
ubuntu7.10noarchphp5< 5.2.3-1ubuntu6.4UNKNOWN
ubuntu8.04noarchphp5< 5.2.4-2ubuntu5.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	6.06	noarch	php5	< 5.1.2-1ubuntu3.12	UNKNOWN
ubuntu	7.04	noarch	php5	< 5.2.1-0ubuntu1.6	UNKNOWN
ubuntu	7.10	noarch	php5	< 5.2.3-1ubuntu6.4	UNKNOWN
ubuntu	8.04	noarch	php5	< 5.2.4-2ubuntu5.3	UNKNOWN