CVE-2008-5625
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.
Affected products
n/a · n/a
Public PoCs found — 1
cve_reference · www.exploit-db.com/exploits/7171 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://archives.neohapsis.com/archives/bugtraq/2008-11/0152.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://osvdb.org/52205
http://secunia.com/advisories/35650
http://securityreason.com/achievement_securityalert/57
https://exchange.xforce.ibmcloud.com/vulnerabilities/47314
https://www.exploit-db.com/exploits/7171
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
http://www.php.net/ChangeLog-5.php#5.2.7
http://www.securityfocus.com/archive/1/501376/100/0/threaded