Arbitrary File Disclosure
Vendor: PHP.EXE
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
CWE: 200
Product Name: PHP.EXE
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2001

Vulnerability in Apache PHP.EXE binary on Microsoft Windows platforms

A vulnerability exists in the suggested default configuration for the Apache PHP.EXE binary on Microsoft Windows platforms. The issue can disclose the contents of arbitrary files to remote attackers: an attacker can append a file path to the end of a web request for php.exe, and files targeted in this manner will be served to the attacker. Successful exploitation also makes it possible to run executables in the PHP directory.

Mitigation:

Ensure that the PHP.EXE binary is not accessible from the web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3786/info

http://[targethost]/php/php.exe?c:\[filepath]
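
Defenders can look for this request shape in web server access logs. The script below is an added example, not part of the original advisory: it flags direct requests for php.exe and marks those whose query string decodes to a Windows file path. The Apache common log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside an Apache common/combined log entry: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Direct hit on the CGI binary; Windows paths are case-insensitive.
PHP_EXE_RE = re.compile(r'/php\.exe(?:/|$)', re.IGNORECASE)
# Query that is a file path after decoding: optional drive letter, then \ or /.
PATH_QUERY_RE = re.compile(r'^(?:[a-z]:)?[\\/]', re.IGNORECASE)


def classify(line):
    """Return 'file-path', 'direct-access' or None for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    # Decode twice so %5c and double-encoded %255c are both normalised.
    path = unquote(unquote(path))
    query = unquote(unquote(query))
    if not PHP_EXE_RE.search(path):
        return None
    if PATH_QUERY_RE.match(query):
        return "file-path"      # matches the request shape in the advisory
    return "direct-access"      # binary is reachable from the web; review config


def scan(lines):
    """Return (line_number, verdict, client_ip) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict, line.split(" ", 1)[0]))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.php HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2002:10:00:05 +0000] "GET /php/php.exe?c:\\example\\file.txt HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2002:10:00:09 +0000] "GET /PHP/PHP.EXE?C%3A%5Cexample%5Cfile.txt HTTP/1.0" 200 2048',
    '203.0.113.4 - - [01/Jan/2002:10:01:00 +0000] "GET /php/php.exe HTTP/1.0" 500 310',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit, including a plain `direct-access` one, indicates that the binary is reachable from the web, which is the condition the mitigation above says to eliminate.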