CVE-2004-0542
First published: Thu Jun 10 2004(Updated: )
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP | <4.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-0542?
CVE-2004-0542 is considered to have a high severity level due to the potential for arbitrary code execution and system compromise.
How do I fix CVE-2004-0542?
To fix CVE-2004-0542, upgrade PHP to version 4.3.7 or later on Win32 platforms.
What platforms are affected by CVE-2004-0542?
CVE-2004-0542 specifically affects PHP versions prior to 4.3.7 running on Win32 platforms.
What types of attacks can exploit CVE-2004-0542?
CVE-2004-0542 can be exploited to execute arbitrary code, overwrite files, and access internal environment variables.
How can I identify if my PHP installation is vulnerable to CVE-2004-0542?
You can identify vulnerability to CVE-2004-0542 by checking if your PHP version is older than 4.3.7 on a Win32 platform.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/php
- canonical/php