CVE-2006-4625
PHP <4.4.4 & 5.1.6 - Auth Bypass
Title source: llmDescription
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maksymilian Arciemowicz · phplocalphp
https://www.exploit-db.com/exploits/28504
References (21)
... and 1 more
Scores
EPSS
0.0037
EPSS Percentile
58.6%
Details
Status
published
Products (42)
php/php
4.0
php/php
4.0.1 (3 CPE variants)
php/php
4.0.2
php/php
4.0.3 (2 CPE variants)
php/php
4.0.4
php/php
4.0.5
php/php
4.0.6
php/php
4.0.7 (4 CPE variants)
php/php
4.1.0
php/php
4.1.1
... and 32 more
Published
Sep 12, 2006
Tracked Since
Feb 18, 2026