CVE-2007-1369

ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this directory to /usr/local/Zend/etc.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zend:zend_platform:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-03-09 22:19

Updated : 2024-02-04 17:13


NVD link : CVE-2007-1369

Mitre link : CVE-2007-1369

CVE.ORG link : CVE-2007-1369


JSON object : View

Products Affected

zend

  • zend_platform