Vulnerability Description
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 5.2.0 |
References
- http://securityreason.com/achievement_securityalert/44Exploit
- http://securityreason.com/securityalert/2175
- http://www.securityfocus.com/bid/22261
- http://securityreason.com/achievement_securityalert/44Exploit
- http://securityreason.com/securityalert/2175
- http://www.securityfocus.com/bid/22261
FAQ
What is CVE-2007-0448?
CVE-2007-0448 is a vulnerability with a CVSS score of 10.0 (HIGH). The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specif...
How severe is CVE-2007-0448?
CVE-2007-0448 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0448?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.