9.3
CVE-2004-2692
- EPSS 4.51%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:10:08
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kyberdigi Labs ≫ Php-exec-dir Version4.3.2
Kyberdigi Labs ≫ Php-exec-dir Version4.3.3
Kyberdigi Labs ≫ Php-exec-dir Version4.3.4
Kyberdigi Labs ≫ Php-exec-dir Version4.3.5
Kyberdigi Labs ≫ Php-exec-dir Version4.3.6
Kyberdigi Labs ≫ Php-exec-dir Version4.3.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.51% | 0.903 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://kyberdigi.cz/projects/execdir/english.html
http://seclists.org/fulldisclosure/2004/Jul/0347.html
http://seclists.org/fulldisclosure/2004/Jul/0350.html
http://seclists.org/fulldisclosure/2004/Jul/0357.html
http://secunia.com/advisories/11928
http://www.osvdb.org/7243
http://www.securityfocus.com/bid/10598
https://exchange.xforce.ibmcloud.com/vulnerabilities/16498