9 lines
No EOL
630 B
Text
9 lines
No EOL
630 B
Text
source: http://www.securityfocus.com/bid/22261/info
|
|
|
|
PHP is prone to a 'safe_mode' restriction-bypass vulnerability. Successful exploits could allow an attacker to write files in unauthorized locations; other attacks may also be possible.
|
|
|
|
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code, all assuming that the 'safe_mode' restriction will isolate users from each other.
|
|
|
|
This issue is reported to affect PHP version 5.2.0; other versions may also be vulnerable.
|
|
|
|
php -r 'fopen("srpath://../../../../../../../dir/pliczek", "a");' |