PHP "glob()" Code Execution Vulnerability
July 16, 2007 @ 13:52:38

As reported on Secunia (and discovered by shinnai), there's a code execution vulnerability in PHP's glob() function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by allowing only trusted users the permissions needed to execute PHP code on the server.
