CVE-2002-0229

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=101286577109716&w=2
http://marc.info/?l=bugtraq&m=101304702002321&w=2
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
http://www.iss.net/security_center/static/8105.php	Vendor Advisory
http://www.securityfocus.com/bid/4026
http://marc.info/?l=bugtraq&m=101286577109716&w=2
http://marc.info/?l=bugtraq&m=101304702002321&w=2
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
http://www.iss.net/security_center/static/8105.php	Vendor Advisory
http://www.securityfocus.com/bid/4026

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:3.0:::::::*
	cpe:2.3:a:php:php:3.0.1:::::::*
	cpe:2.3:a:php:php:3.0.2:::::::*
	cpe:2.3:a:php:php:3.0.3:::::::*
	cpe:2.3:a:php:php:3.0.4:::::::*
	cpe:2.3:a:php:php:3.0.5:::::::*
	cpe:2.3:a:php:php:3.0.6:::::::*
	cpe:2.3:a:php:php:3.0.7:::::::*
	cpe:2.3:a:php:php:3.0.8:::::::*
	cpe:2.3:a:php:php:3.0.9:::::::*
	cpe:2.3:a:php:php:3.0.10:::::::*
	cpe:2.3:a:php:php:3.0.11:::::::*
	cpe:2.3:a:php:php:3.0.12:::::::*
	cpe:2.3:a:php:php:3.0.13:::::::*
	cpe:2.3:a:php:php:3.0.16:::::::*
	cpe:2.3:a:php:php:4.0:::::::*
	cpe:2.3:a:php:php:4.0.1:::::::*
	cpe:2.3:a:php:php:4.0.1:patch2::::::
	cpe:2.3:a:php:php:4.0.3:::::::*
	cpe:2.3:a:php:php:4.0.4:::::::*
	cpe:2.3:a:php:php:4.0.5:::::::*
	cpe:2.3:a:php:php:4.0.6:::::::*
	cpe:2.3:a:php:php:4.1.0:::::::*
	cpe:2.3:a:php:php:4.1.2:::::::*

History

20 Nov 2024, 23:38

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=101286577109716&w=2 -~~	() http://marc.info/?l=bugtraq&m=101286577109716&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=101304702002321&w=2 -~~	() http://marc.info/?l=bugtraq&m=101304702002321&w=2 -
References	~~() http://marc.info/?l=ntbugtraq&m=101285016125377&w=2 -~~	() http://marc.info/?l=ntbugtraq&m=101285016125377&w=2 -
References	~~() http://marc.info/?l=ntbugtraq&m=101303065423534&w=2 -~~	() http://marc.info/?l=ntbugtraq&m=101303065423534&w=2 -
References	~~() http://marc.info/?l=ntbugtraq&m=101303819613337&w=2 -~~	() http://marc.info/?l=ntbugtraq&m=101303819613337&w=2 -
References	~~() http://www.iss.net/security_center/static/8105.php - Vendor Advisory~~	() http://www.iss.net/security_center/static/8105.php - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/4026 -~~	() http://www.securityfocus.com/bid/4026 -

Information

Published : 2002-05-16 04:00

Updated : 2024-11-20 23:38

NVD link : CVE-2002-0229

Mitre link : CVE-2002-0229

CVE.ORG link : CVE-2002-0229

JSON object : View

Products Affected

php

CWE

NVD-CWE-Other

7.5 /10