Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2007-3378

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

  • Published: Jun 29, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-3378
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
php / php 4.0.0 4.4.7.x
php / php 5.0.0 5.2.3.x