CVE-2005-3054
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/09/2005
Last modified:
03/04/2025
Description
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/17229
- http://secunia.com/advisories/17371
- http://secunia.com/advisories/17510
- http://secunia.com/advisories/17557
- http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A213
- http://www.php.net/release_4_4_1.php
- http://www.securityfocus.com/bid/14957
- http://www.vupen.com/english/advisories/2005/1862
- http://www.vupen.com/english/advisories/2005/2254
- https://usn.ubuntu.com/207-1/
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/17229
- http://secunia.com/advisories/17371
- http://secunia.com/advisories/17510
- http://secunia.com/advisories/17557
- http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2005%3A213
- http://www.php.net/release_4_4_1.php
- http://www.securityfocus.com/bid/14957
- http://www.vupen.com/english/advisories/2005/1862
- http://www.vupen.com/english/advisories/2005/2254
- https://usn.ubuntu.com/207-1/