CVE-2006-3011
CVE-2006-3011
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/7171no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=uhttp://secunia.com/advisories/20818http://secunia.com/advisories/21050http://secunia.com/advisories/21125http://secunia.com/advisories/21546http://securityreason.com/achievement_securityalert/41http://securityreason.com/securityalert/1129http://securitytracker.com/id?1016377https://exchange.xforce.ibmcloud.com/vulnerabilities/27414http://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.osvdb.org/26827