CVE-2007-4652
PHP < 5.2.4 - Local Symlink Bypass of open_basedir Restrictions via Session File
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4652. PoCs published by Maksymilian Arciemowicz.
AI-analyzed exploit summary: This exploit bypasses PHP's open_basedir restriction by creating a series of nested directories and symlinks to access files outside the restricted directory. It leverages a vulnerability in PHP 5.2.12 and 5.3.1.
Description
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Maksymilian Arciemowicz · phplocalphp
https://www.exploit-db.com/exploits/10557
Classification
Working Poc 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: PHP 5.2.12, 5.3.1
No auth needed
Prerequisites: PHP with open_basedir restriction enabled · Write permissions in the current directory
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (13)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26822
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36387
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
Vendor Advisory x_refsource_confirm
http://www.php.net/ChangeLog-5.php#5.2.4
Vendor Advisory vendor-advisory
x_refsource_trustix
http://www.trustix.org/errata/2007/0026/
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1693
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1702
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26838
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27377
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27102
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3023
Release Notes x_refsource_confirm
http://www.php.net/releases/5_2_4.php
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26642
Scores
EPSS: 0.0061
EPSS Percentile: 44.3%
Details
CWE: CWE-59
Status: published
Products (46)
php/php 1.0
php/php 2.0
php/php 2.0b10
php/php 3.0
php/php 3.0.1
php/php 3.0.2
php/php 3.0.3
php/php 3.0.4
php/php 3.0.5
php/php 3.0.6
... and 36 more
Published: Sep 04, 2007
Tracked Since: Feb 18, 2026