CVE-2009-3559

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
23/11/2009
Last modified:
09/04/2025

Description

main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*