Access Restriction Bypass Affecting php package, versions [4.0.4pl1,4.0.5]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.33% (72nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-PHP-2335355
  • published12 Jan 2022
  • disclosed6 Dec 2001
  • creditUnknown

Introduced: 6 Dec 2001

CVE-2001-1247  (opens in a new tab)
CWE-264  (opens in a new tab)

How to fix?

There is no fixed version for php.

Overview

Affected versions of this package are vulnerable to Access Restriction Bypass. PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

CVSS Scores

version 3.1