7.2

CVE-2006-4481

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings.  NOTE: the error_log function is covered by CVE-2006-3011, and the imap_open function is covered by CVE-2006-1017.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.1.0
PhpPhp Version5.1.1
PhpPhp Version5.1.2
PhpPhp Version5.1.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.45% 0.698
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/21546
Patch
Vendor Advisory
http://www.php.net/release_5_1_5.php
Patch
http://secunia.com/advisories/22039
http://www.novell.com/linux/security/advisories/2006_52_php.html
http://secunia.com/advisories/21768
Patch
Vendor Advisory
http://www.ubuntu.com/usn/usn-342-1
http://secunia.com/advisories/21842
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:162
http://www.securityfocus.com/bid/19582
http://www.vupen.com/english/advisories/2006/3318