vendor:
PHP
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple Input Validation Vulnerabilities
20
CWE
Product Name: PHP
Affected Version From: PHP 4.3.10
Affected Version To: PHP 5.1.2
Patch Exists: YES
Related CWE: CVE-2005-3390
CPE: a:php:php
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2005-831/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2005-3390/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2005-831/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2005-838/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2005-3390/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-CESA-2005-838/, https://www.rapid7.com/db/vulnerabilities/php-cve-2005-3390/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2005
PHP Multiple Input Validation Vulnerabilities
PHP is prone to multiple input-validation vulnerabilities that could allow 'safe_mode' and 'open_basedir' security settings to be bypassed. These issues reside in the 'mb_send_mail()' function, the 'mail()' function, and various PHP IMAP functions. An attacker can exploit these issues to bypass security restrictions and execute arbitrary code with the privileges of the user running the affected application.
Mitigation:
No known mitigation