CVE-2004-0542
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/08/2004
Last modified:
03/04/2025
Description
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | 4.3.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.idefense.com/application/poi/display?id=108
- http://www.php.net/release_4_3_7.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16331
- http://www.idefense.com/application/poi/display?id=108
- http://www.php.net/release_4_3_7.php
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16331