PHP Shell Escape Functions Command Execution Vulnerability - exploit.company
Vendor: PHP
By: Unknown
CVSS: 7.5 (HIGH)
Command Execution
CWE: 78
Product Name: PHP
Affected Version From: 4.3.3
Affected Version To: 4.3.5
Patch Exists: YES
Related CWE: Unknown
CPE: a:php:php
Metasploit:
Other Scripts:
Platforms Tested: Windows
Unknown

PHP Shell Escape Functions Command Execution Vulnerability

PHP is prone to a command execution vulnerability in its shell escape functions due to a failure to properly sanitize function arguments. This vulnerability allows an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access.

Mitigation:

It is recommended to update to a patched version of PHP.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10471/info

PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments.

This issue might allow an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server, potentially leading to unauthorized access. Other attacks are also possible.

This issue is reported to affect PHP versions 4.3.3 and 4.3.5 under Microsoft Windows; it is likely that other Microsoft Windows versions are affected as well.

" || dir ||
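
Beyond patching, code that hands request data to an external program can avoid depending on the shell escape functions at all. The following is an added example, not code from the advisory or from PHP itself: the helper names `is_safe_host()` and `run_ping()` are hypothetical, `ping` is only a sample command, and the array form of `proc_open()` requires PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

/**
 * Allowlist check (hypothetical helper): accept only a hostname/IPv4-style
 * token. Quotes, pipes, ampersands, carets, percent signs and whitespace
 * never match, so input is rejected before any escaping is relied on.
 */
function is_safe_host(string $value): bool
{
    // \A and \z anchor the whole string; \z also rejects a trailing newline.
    return preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?\z/', $value) === 1;
}

/**
 * Run a fixed program with one validated argument and no shell in between.
 * With an array command, proc_open() starts the process directly, so
 * cmd.exe or sh metacharacters in an argument are never interpreted.
 */
function run_ping(string $host): array
{
    if (!is_safe_host($host)) {
        throw new InvalidArgumentException('host contains characters outside the allowlist');
    }
    $countFlag = PHP_OS_FAMILY === 'Windows' ? '-n' : '-c';
    $spec = [1 => ['pipe', 'w']];            // capture stdout only
    $proc = proc_open(['ping', $countFlag, '1', $host], $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start process');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'stdout' => $out];
}

// Constructed sample inputs, including the string quoted on this page.
// Only the validator runs here, so the script works offline.
$samples = ['127.0.0.1', 'example.com', '" || dir ||', 'a&b', "x\n"];
foreach ($samples as $sample) {
    printf("%-16s => %s\n", json_encode($sample), is_safe_host($sample) ? 'accepted' : 'rejected');
}
```

The first two samples are accepted and the remaining three are rejected; `run_ping()` is never reached for a rejected value.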