The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://marc.info/?l=bugtraq&m=105839111204227 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2003-10-15T04:00:00
Updated: 2024-08-08T02:05:12.650Z
Reserved: 2003-10-13T00:00:00
Link: CVE-2003-0863
Vulnrichment
No data.
NVD
Status : Modified
Published: 2003-11-17T05:00:00.000
Modified: 2024-11-20T23:45:41.960
Link: CVE-2003-0863
Redhat
No data.