CVE-2003-0863

PHP 4.3.x - Unauthenticated File Include Vulnerability via php_check_safe_mode_include_dir

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0863. PoCs published by Michal Krause.

AI-analyzed exploit summary: This exploit demonstrates a Safe Mode bypass in PHP by leveraging a logic error in the include() and require() functions when safe_mode_include_dir is not defined. It attempts to read /etc/passwd, proving unauthorized file access.

Description

The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.

Exploits (1)

Source: Exploit-DB · Working PoC · Verified
by Michal Krause · phplocalphp
https://www.exploit-db.com/exploits/22911

Classification
Verdict: Working PoC (90%)
Attack type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: PHP versions 4.3.0 and later
Authentication: none needed
Prerequisites: PHP Safe Mode enabled · safe_mode_include_dir not defined
Analyzed by devstral-2 on Feb 16, 2026

References (1)

Core references (1)
Mailing list (bugtraq, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=105839111204227

Scores

EPSS: 0.0670
EPSS percentile: 93.1%

Details

Status: published
Products (3):
php/php 4.3.0
php/php 4.3.1
php/php 4.3.2
Published: Nov 17, 2003
Tracked since: Feb 18, 2026