Vulnerability Description
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.4.4 |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&obje
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&obje
- http://secunia.com/advisories/25423
- http://secunia.com/advisories/25850
- http://www.vupen.com/english/advisories/2007/1991
- http://www.vupen.com/english/advisories/2007/2374
- https://www.exploit-db.com/exploits/3573
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&obje
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&obje
- http://secunia.com/advisories/25423
- http://secunia.com/advisories/25850
- http://www.vupen.com/english/advisories/2007/1991
- http://www.vupen.com/english/advisories/2007/2374
- https://www.exploit-db.com/exploits/3573
FAQ
What is CVE-2007-1710?
CVE-2007-1710 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax ...
How severe is CVE-2007-1710?
CVE-2007-1710 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1710?
Check the references section above for vendor advisories and patch information. Affected products include: Php Php.