First published: Sat Mar 10 2007(Updated: )
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft All Windows | =abstract_cpe | |
PHP COM extensions |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.