CVE-2002-0229

PHP 3.0-4.1.0 - Safe Mode Bypass via MySQL LOAD DATA INFILE LOCAL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2002-0229.

AI-analyzed exploit summary This PHP script exploits a vulnerability in PHP's 'safe_mode' feature by leveraging the MySQL client library to bypass filesystem restrictions. It uses the LOAD DATA LOCAL INFILE statement to read files from restricted directories, such as '/etc/passwd'.

Description

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Exploits (3)

exploitdb WORKING POC
phpremotephp
https://www.exploit-db.com/exploits/21266

This PHP script exploits a vulnerability in PHP's 'safe_mode' feature by leveraging the MySQL client library to bypass filesystem restrictions. It uses the LOAD DATA LOCAL INFILE statement to read files from restricted directories, such as '/etc/passwd'.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP with MySQL client library (versions affected by CVE-2002-0229)
Auth required
Prerequisites: MySQL server access · PHP with 'safe_mode' enabled · MySQL user credentials
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
phpremotephp
https://www.exploit-db.com/exploits/21265

This exploit demonstrates a bypass of PHP's 'safe_mode' restrictions by leveraging the MySQL client library's failure to honor these restrictions. It uses a LOAD DATA LOCAL INFILE statement to read files from restricted areas of the filesystem, such as '/etc/passwd'.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: PHP with MySQL client library (versions affected by CVE-2002-0229)
Auth required
Prerequisites: PHP with 'safe_mode' enabled · MySQL server access with sufficient privileges to create databases and tables · MySQL client library vulnerable to CVE-2002-0229
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
phpremotephp
https://www.exploit-db.com/exploits/21264

This PHP script exploits CVE-2002-0229 by bypassing PHP's safe_mode restrictions via MySQL's LOAD DATA statement to read arbitrary files from the filesystem. It creates a temporary table, loads the target file into it, and retrieves the content, effectively leaking restricted file data.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHP (with MySQL client library) in safe_mode
Auth required
Prerequisites: MySQL server access · Valid MySQL credentials · PHP safe_mode enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (7)

Core 7
Core References
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101304702002321&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101286577109716&w=2
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8105.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4026

Scores

EPSS 0.0958
EPSS Percentile 94.9%

Details

Status published
Products (23)
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
php/php 3.0.7
php/php 3.0.8
php/php 3.0.9
... and 13 more
Published May 16, 2002
Tracked Since Feb 18, 2026