CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/31053 (not verified)
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markup
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html
http://secunia.com/advisories/30048
http://secunia.com/advisories/30411
http://secunia.com/advisories/31200
http://secunia.com/advisories/31326
http://secunia.com/advisories/32222
http://securityreason.com/achievement_securityalert/51
http://securityreason.com/securityalert/3562
https://exchange.xforce.ibmcloud.com/vulnerabilities/39852