CVE-2006-3011
CVE-2006-3011
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/7171não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?diff_format=u&view=log&pathrev=PHP_4_4http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10&pathrev=PHP_4_4&diff_format=uhttp://secunia.com/advisories/20818http://secunia.com/advisories/21050http://secunia.com/advisories/21125http://secunia.com/advisories/21546http://securityreason.com/achievement_securityalert/41http://securityreason.com/securityalert/1129http://securitytracker.com/id?1016377https://exchange.xforce.ibmcloud.com/vulnerabilities/27414http://www.mandriva.com/security/advisories?name=MDKSA-2006:122http://www.osvdb.org/26827