Vendor: PHP
By: Unknown
CVSS: 7.5 HIGH
Command Execution
CWE: 78
Product Name: PHP
Affected Version From: 4.3.2003
Affected Version To: 4.3.2005
Patch Exists: YES
Related CWE: Unknown
CPE: a:php:php
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

PHP Shell Escape Functions Command Execution Vulnerability

PHP is prone to a command execution vulnerability in its shell escape functions due to a failure to properly sanitize function arguments. This vulnerability allows an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access.

Mitigation:

It is recommended to update to a patched version of PHP.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10471/info

PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments.

This issue might allow an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access. Other attacks are also possible.

This issue is reported to affect PHP under Microsoft Windows versions 4.3.3 and 4.3.5; it is likely that other Microsoft Windows versions are affected as well.

" || dir ||
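
The mitigation above is to upgrade. As defence in depth, input can also be checked against a strict allow-list and the program started without a shell, so that nothing depends on the escape functions alone. This is an added example, not code from the advisory or from PHP; `require_safe_token()`, `lookup_host()` and the `nslookup` call are hypothetical, and the array form of `proc_open()` needs PHP 7.4 or later.

```php
<?php
// Added example: helper names are hypothetical, inputs are constructed.

/**
 * Return $value if it contains only allow-listed characters, else throw.
 * Quotes, pipes, ampersands, carets, percent signs and whitespace are
 * rejected simply because they are not in the allow-list.
 */
function require_safe_token(string $value, int $maxLen = 64): string
{
    if ($value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException('empty or over-long argument');
    }
    // First character must be alphanumeric so the value cannot be read
    // as an option (leading "-" or "/") by the program that receives it.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $value) !== 1) {
        throw new InvalidArgumentException('disallowed characters');
    }
    return $value;
}

/** Run nslookup for a validated host name without involving a shell. */
function lookup_host(string $host): string
{
    $host = require_safe_token($host, 253);
    // Array form of proc_open() (PHP 7.4+) starts the program directly,
    // so no command interpreter ever parses the argument.
    $proc = proc_open(['nslookup', $host], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return '';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? '' : $out;
}

// Validation only, so this runs offline. The second input is the string
// quoted in the advisory.
foreach (['example.com', '" || dir ||'] as $input) {
    try {
        require_safe_token($input, 253);
        echo "accepted: $input\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $input\n";
    }
}
```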