
Secunia.com:
PHP "glob()" Code Execution Vulnerability
July 16, 2007 @ 13:52:38

As reported here on Secunia (as discovered by shinnai), there's a code execution vulnerability in PHP's glob function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can easily be avoided by granting permission to execute PHP code on the server only to trusted users.



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework