cbcvebase.
CVE-2006-5178
published 2006-10-10

CVE-2006-5178: Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink…

PriorityP423medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
0.64%
45.9th percentile
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.

Affected

47 ranges· showing 25
VendorProductVersion rangeFixed in
phpphp<= 5.1.6
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp
phpphp

CVSS provenance

nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
vendor_redhat6.2MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.