CVE-2000-0059

PHP3 - Command Injection

Title source: llm

Description

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kristian Koehntopp · phpremotephp

https://www.exploit-db.com/exploits/19708

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/911

Scores

EPSS 0.0267

EPSS Percentile 85.9%

Details

Status published

Products (14)

php/php 3.0

php/php 3.0.1

php/php 3.0.2

php/php 3.0.3

php/php 3.0.4

php/php 3.0.5

php/php 3.0.6

php/php 3.0.7

php/php 3.0.8

php/php 3.0.9

... and 4 more

Published Jan 04, 2000

Tracked Since Feb 18, 2026