Description
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded a "php://../../" sequence.
References (7)
Core 7
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1991
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01056506
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01086137
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2374
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25423
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25850
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3573
Scores
EPSS
0.0014
EPSS Percentile
33.5%
Details
Status
published
Products (3)
php/php
4.4.4
php/php
5.1.6
php/php
5.2.1
Published
Mar 27, 2007
Tracked Since
Feb 18, 2026