PHP Multiple Vulnerabilities
Last Update Date:
23 Jul 2012 10:47
Release Date:
23 Jul 2012
RISK: Medium Risk
TYPE: Servers - Internet App Servers
Two vulnerabilities have been identified in PHP, which can be exploited by malicious people to bypass certain security restrictions and execute arbitrary code on the target system.
- One vulnerability is caused by an error within the SQLite extension and can be exploited to bypass the "open_basedir" feature.
- A remote user may be able to trigger an overflow in the _php_stream_scandir() function and potentially execute arbitrary code on the target system.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- PHP versions prior to 5.3.15; 5.4.x prior to 5.4.5
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- The vendor has issued a fix (5.3.15, 5.4.5).
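To check hosts against the affected range listed above, the following added example (not code from the vendor or from this advisory's publisher) classifies a PHP version string. The function name `php_advisory_status` and its status words are assumptions of this example; `verify` marks versions carrying a packaging or pre-release suffix, where the upstream number alone does not settle whether the fix is present.

```shell
#!/bin/sh
# Added example: classify a PHP version string against this advisory's bounds
# (affected: prior to 5.3.15, or 5.4.x prior to 5.4.5).
# Function name and status words are this example's own, not a PHP or vendor API.

php_advisory_status() {
    ver=$1
    # Numeric core "X.Y.Z"; anything after it (e.g. "-1ubuntu3.2") is a suffix.
    core=$(printf '%s\n' "$ver" |
        sed -n 's/^\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*$/\1/p')
    if [ -z "$core" ]; then
        echo unknown
        return 0
    fi
    suffix=${ver#"$core"}
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}
    patch=${rest#*.}

    status=not-affected
    if [ "$major" -lt 5 ]; then
        status=affected
    elif [ "$major" -eq 5 ]; then
        if [ "$minor" -lt 3 ]; then
            status=affected
        elif [ "$minor" -eq 3 ] && [ "$patch" -lt 15 ]; then
            status=affected
        elif [ "$minor" -eq 4 ] && [ "$patch" -lt 5 ]; then
            status=affected
        fi
    fi

    # A packaging suffix means the distributor may have backported the fix
    # without changing the upstream number: flag for manual verification.
    if [ "$status" = affected ] && [ -n "$suffix" ]; then
        status=verify
    fi
    # Release candidates of the fixed versions precede the final release.
    case "$core$suffix" in
        5.3.15RC*|5.4.5RC*) status=verify ;;
    esac
    echo "$status"
}

# Constructed sample versions, as `php -r 'echo PHP_VERSION;'` or an inventory might report.
for v in 5.3.14 5.3.15 5.4.4 5.4.5 5.3.10-1ubuntu3.2 5.2.17 not-a-version; do
    printf '%-20s %s\n' "$v" "$(php_advisory_status "$v")"
done
```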
Vulnerability Identifier
Source
Related Link