| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-1635 |
264 |
|
Bypass |
2013-03-06 |
2013-03-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. |
|
2 |
CVE-2012-3365 |
264 |
|
Bypass |
2012-07-20 |
2013-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. |
|
3 |
CVE-2011-0752 |
20 |
|
Bypass |
2011-02-02 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758. |
|
4 |
CVE-2010-4699 |
189 |
|
Bypass |
2011-01-18 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set. |
|
5 |
CVE-2010-3870 |
20 |
|
Sql XSS Bypass |
2010-11-12 |
2011-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. |
|
6 |
CVE-2009-5016 |
189 |
|
Overflow Sql XSS Bypass |
2010-11-12 |
2011-02-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. |
|
7 |
CVE-2009-3558 |
264 |
|
Bypass |
2009-11-23 |
2010-04-01 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. |
|
8 |
CVE-2009-3557 |
264 |
|
Bypass |
2009-11-23 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments. |
|
9 |
CVE-2007-4652 |
59 |
|
Bypass |
2007-09-04 |
2011-08-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink. |
|
10 |
CVE-2007-1884 |
|
|
Exec Code Bypass |
2007-04-05 |
2012-11-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location. |
|
11 |
CVE-2007-1835 |
|
|
Bypass |
2007-04-02 |
2012-11-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions. |
|
12 |
CVE-2007-0905 |
|
|
Bypass |
2007-02-13 |
2008-11-15 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383. |
|
13 |
CVE-2006-7243 |
20 |
|
Bypass |
2011-01-18 |
2012-02-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. |
|
14 |
CVE-2006-5178 |
362 |
|
Bypass |
2006-10-10 |
2010-09-15 |
6.2 |
Admin |
Local |
High |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. |
|
15 |
CVE-2006-4625 |
|
|
Bypass |
2006-09-12 |
2010-09-15 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. |
|
16 |
CVE-2006-3011 |
264 |
|
Bypass |
2006-06-26 |
2011-07-11 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. |
|
17 |
CVE-2006-2660 |
|
|
Bypass |
2006-06-13 |
2010-04-02 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. |
|
18 |
CVE-2006-1608 |
|
|
Bypass |
2006-04-10 |
2010-04-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. |
|
19 |
CVE-2006-1494 |
|
|
Dir. Trav. Bypass |
2006-04-10 |
2010-08-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. |
|
20 |
CVE-2005-3392 |
|
|
Bypass |
2005-11-01 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. |
|
21 |
CVE-2005-3391 |
|
|
Bypass |
2005-11-01 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd. |
|
22 |
CVE-2005-3390 |
|
|
Bypass |
2005-11-01 |
2010-08-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. |
