Secunia.com:
PHP "glob()" Code Execution Vulnerability
July 16, 2007 @ 13:52:38

As reported on Secunia (and discovered by shinnai), there is a code execution vulnerability in PHP's glob() function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by granting permission to execute PHP code on the server only to trusted users.


All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework