7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.2%
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and
5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and
(2) safe_mode_protected_env_vars directives, which allows context-dependent
attackers to execute programs with an arbitrary environment via the env
parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH
environment variable.
Author | Note |
---|---|
mdeslaur | PoC in php bug report safe_mode bug |