cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Max CVSS
10.0
EPSS Score
92.00%
Published
2004-08-06
Updated
2022-07-01
1 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!