ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
References
Configurations
History
No history.
Information
Published : 2007-03-09 22:19
Updated : 2024-02-04 17:13
NVD link : CVE-2007-1369
Mitre link : CVE-2007-1369
CVE.ORG link : CVE-2007-1369
JSON object : View
Products Affected
zend
- zend_platform
CWE