OSVDB ID: 20898 Title: PHP Unspecified curl / gd Restriction Bypass |
Info |
|
|
Dates |
||||
|
|
Description |
PHP contains a flaw in the "ext/curl" and "ext/gd" modules that may allow a malicious user to view sensitive files without authorization. It is possible that the flaw may allow the attacker to bypass the "safe_mode" or "open_basedir" restrictions. This may allow the disclosure of sensitive information, resulting in a loss of confidentiality. |
Classification |
Location:
Remote / Network Access
Attack Type: Information Disclosure Impact: Loss of Confidentiality Exploit: Exploit Unknown Disclosure: OSVDB Verified, Vendor Verified |
Solution |
Upgrade to version 4.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
Credit |
Unknown or Incomplete |