CVE-2004-0542

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:48

Type Values Removed Values Added
References () http://www.idefense.com/application/poi/display?id=108 - Not Applicable () http://www.idefense.com/application/poi/display?id=108 - Not Applicable
References () http://www.php.net/release_4_3_7.php - Patch, Release Notes, Vendor Advisory () http://www.php.net/release_4_3_7.php - Patch, Release Notes, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/16331 - Third Party Advisory, VDB Entry

Information

Published : 2004-08-06 04:00

Updated : 2024-11-20 23:48


NVD link : CVE-2004-0542

Mitre link : CVE-2004-0542

CVE.ORG link : CVE-2004-0542


JSON object : View

Products Affected

php

  • php