CVE-2007-4850
published 2008-01-25CVE-2007-4850: curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions…
PriorityP333medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
5.58%
91.9th percentile
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_ubuntu5.0MEDIUM
vendor_redhat2.1LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2008-07-23·CVSS 5.0
CVE-2007-4782 [MEDIUM] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: PHP vulnerabilities
It was discovered that PHP did not properly check the length of the
string parameter to the fnmatch function. An attacker could cause a
denial of service in the PHP interpreter if a script passed untrusted
input to the fnmatch function. (CVE-2007-4782)
Maksymilian Arciemowicz discovered a flaw in the cURL library that
allowed safe_mode and open_basedir restrictions to be bypassed. If a
PHP application were tricked into processing a bad file:// request,
an attacker could read arbitrary files. (CVE-2007-4850)
Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars
functions did not correctly stop when handling partial multibyte
sequences. A remote attacker could exploit this to read certain areas
of memory, possibly gai
Red Hat
php: curl safe mode bypass
vendor_redhat·2008-01-22·CVSS 2.1
CVE-2007-4850 [LOW] php: curl safe mode bypass
php: curl safe mode bypass
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
Statement: We do not consider these to be security issues. For more details see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and https://www.php.net/security-note.php
GHSA
GHSA-8q99-j5m2-gvjc: curl/interface
ghsa_unreviewed·2022-05-01·CVSS 2.1
CVE-2007-4850 [LOW] GHSA-8q99-j5m2-gvjc: curl/interface
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
No detection rules found.
http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markuphttp://lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.htmlhttp://secunia.com/advisories/30048http://secunia.com/advisories/30411http://secunia.com/advisories/31200http://secunia.com/advisories/31326http://secunia.com/advisories/32222http://securityreason.com/achievement_securityalert/51http://securityreason.com/securityalert/3562http://support.apple.com/kb/HT3216http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178http://www.mandriva.com/security/advisories?name=MDVSA-2009:022http://www.mandriva.com/security/advisories?name=MDVSA-2009:023http://www.openwall.com/lists/oss-security/2008/05/02/2http://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/archive/1/486856/100/0/threadedhttp://www.securityfocus.com/archive/1/492671/100/0/threadedhttp://www.securityfocus.com/bid/27413http://www.securityfocus.com/bid/29009http://www.securityfocus.com/bid/31681http://www.ubuntu.com/usn/usn-628-1http://www.vupen.com/english/advisories/2008/1412http://www.vupen.com/english/advisories/2008/2268http://www.vupen.com/english/advisories/2008/2780https://exchange.xforce.ibmcloud.com/vulnerabilities/39852https://exchange.xforce.ibmcloud.com/vulnerabilities/42134http://cvs.php.net/viewcvs.cgi/php-src/NEWS?revision=1.2027.2.547.2.1047&view=markuphttp://lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlhttp://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.htmlhttp://secunia.com/advisories/30048http://secunia.com/advisories/30411http://secunia.com/advisories/31200http://secunia.com/advisories/31326http://secunia.com/advisories/32222http://securityreason.com/achievement_securityalert/51http://securityreason.com/securityalert/3562http://support.apple.com/kb/HT3216http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178http://www.mandriva.com/security/advisories?name=MDVSA-2009:022http://www.mandriva.com/security/advisories?name=MDVSA-2009:023http://www.openwall.com/lists/oss-security/2008/05/02/2http://www.php.net/ChangeLog-5.phphttp://www.securityfocus.com/archive/1/486856/100/0/threadedhttp://www.securityfocus.com/archive/1/492671/100/0/threadedhttp://www.securityfocus.com/bid/27413http://www.securityfocus.com/bid/29009http://www.securityfocus.com/bid/31681http://www.ubuntu.com/usn/usn-628-1http://www.vupen.com/english/advisories/2008/1412http://www.vupen.com/english/advisories/2008/2268http://www.vupen.com/english/advisories/2008/2780https://exchange.xforce.ibmcloud.com/vulnerabilities/39852https://exchange.xforce.ibmcloud.com/vulnerabilities/42134
2008-01-25
Published