Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0229

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0229
Last Modified 10 Sep 2008 08:00:44
Published 16 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0229

Summary

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Vulnerable Systems

Application

  • Php 3.0

  • Php 3.0.1

  • Php 3.0.10

  • Php 3.0.11

  • Php 3.0.12

  • Php 3.0.13

  • Php 3.0.16

  • Php 3.0.2

  • Php 3.0.3

  • Php 3.0.4

  • Php 3.0.5

  • Php 3.0.6

  • Php 3.0.7

  • Php 3.0.8

  • Php 3.0.9

  • Php 4.0

  • Php 4.0.1

  • Php 4.0.3

  • Php 4.0.4

  • Php 4.0.5

  • Php 4.0.6

  • Php 4.1.0

  • Php 4.1.2


References

XF - php-mysql-safemode-bypass(8105)

BUGTRAQ - 20020203 PHP Safe Mode Filesystem Circumvention Problem

BID - 4026

NTBUGTRAQ - 20020206 DW020203-PHP clarification

NTBUGTRAQ - 20020205 Re: PHP Safe Mode Filesystem Circumvention Problem


Last Updated: 27 May 2016 10:36:50