CVE-2004-0542
First published: Thu Jun 10 2004(Updated: )
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PHP PHP | <4.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/remedy
- agent/type
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/php
- canonical/php php