Candidate: CVE-2008-7002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7002
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir
restrictions for certain functions, which might allow local users to bypass
intended access restrictions and call programs outside of the intended
directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or
(5) popen functions, possibly involving pathnames such as "C:" drive
jdstrand> PoC at http://downloads.securityfocus.com/vulnerabilities/exploits/31064.php
mdeslaur> The "PoC" doesn't turn on safe_mode, so of course
mdeslaur> safe_mode_exec_dir doesn't work. Ignoring.
upstream_php5: needs-triage
intrepid_php5: ignored