Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0863


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0863
Last Modified 10 Sep 2008 03:20:46
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Vulnerable Systems


  • Php 4.3

  • Php 4.3.1

  • Php 4.3.2


BUGTRAQ - 20030716 PHP safe mode broken?

Last Updated: 27 May 2016 10:38:05