CVE-2004-0542

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
References
Link Resource
http://www.idefense.com/application/poi/display?id=108 Not Applicable
http://www.php.net/release_4_3_7.php Patch Release Notes Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

01 Jul 2022, 14:14

Type Values Removed Values Added
CWE NVD-CWE-Other NVD-CWE-noinfo
CPE cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
References (MISC) http://www.idefense.com/application/poi/display?id=108 - Vendor Advisory (MISC) http://www.idefense.com/application/poi/display?id=108 - Not Applicable
References (CONFIRM) http://www.php.net/release_4_3_7.php - Patch (CONFIRM) http://www.php.net/release_4_3_7.php - Patch, Release Notes, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 - Third Party Advisory, VDB Entry

Information

Published : 2004-08-06 04:00

Updated : 2024-02-04 16:31


NVD link : CVE-2004-0542

Mitre link : CVE-2004-0542

CVE.ORG link : CVE-2004-0542


JSON object : View

Products Affected

php

  • php