PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-06-10T04:00:00
Updated: 2024-08-08T00:24:25.880Z
Reserved: 2004-06-08T00:00:00
Link: CVE-2004-0542
Vulnrichment
No data.
NVD
Status : Modified
Published: 2004-08-06T04:00:00.000
Modified: 2024-11-20T23:48:49.353
Link: CVE-2004-0542
Redhat
No data.