漏洞类别:Web server漏洞等级: 
漏洞信息
PHP is a scripting language used with Web servers. PHP's security mode (called safe_mode) can be bypassed. This vulnerability is particularly severe for ISPs or dedicated servers hosting Web pages that enable their users to create PHP scripts in safe_mode.
漏洞危害
By exploiting this vulnerability, unauthorized users can create scripts that give them access to files outside the Web root directory (even if safe_mode is enabled). However, the user must have access to at least one Web page on the server in order to carry out the attack. This vulnerability cannot be used to execute commands from a remote system.
解决方案
This vulnerability was fixed in PHP Version 3.0.14. PHP Version 4 is not affected. Download a patch from PHP's Web site, and then recompile your Web server.
0day
文章评论