Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0542
Last Modified: 05 Sep 2008 04:38:42
Published: 06 Aug 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0542

Summary

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.

Vulnerable Systems

Application

  • PHP 4.4.6


References

XF - php-escapeshellarg-execute-command(16331)

CONFIRM - http://www.php.net/release_4_3_7.php

MISC - http://www.idefense.com/application/poi/display?id=108


Last Updated: 27 May 2016 10:38:38