Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.

  • Published: May 24, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-0448
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
php / php 5.2.0 5.2.0.x