The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
References
Link | Resource |
---|---|
http://bugs.php.net/bug.php?id=37265 | Vendor Advisory |
http://secunia.com/advisories/21546 | Patch Vendor Advisory |
http://us2.php.net/ChangeLog-4.php#4.4.4 | Vendor Advisory |
http://www.osvdb.org/28005 | Broken Link Patch |
Configurations
History
19 Jan 2023, 16:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:* |
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* |
References | (MISC) http://bugs.php.net/bug.php?id=37265 - Vendor Advisory | |
References | (CONFIRM) http://us2.php.net/ChangeLog-4.php#4.4.4 - Vendor Advisory | |
References | (OSVDB) http://www.osvdb.org/28005 - Broken Link, Patch |
Information
Published : 2007-05-22 19:30
Updated : 2023-12-10 10:40
NVD link : CVE-2006-7204
Mitre link : CVE-2006-7204
CVE.ORG link : CVE-2006-7204
JSON object : View
Products Affected
php
- php
CWE