vendor:
N/A
by:
Maksymilian Arciemowicz
7.5
CVSS
HIGH
Symlink bypass
94
CWE
Product Name: N/A
Affected Version From: 5.2.11
Affected Version To: 5.3.2000
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010
PHP 5.2.11/5.3.0 symlink() open_basedir bypass
This exploit allows an attacker to bypass the open_basedir restriction in PHP 5.2.11 and 5.3.0. It creates a symlink to a file outside the open_basedir directory, allowing the attacker to access the file.
Mitigation:
Ensure that the open_basedir restriction is properly configured and enforced.