CVE-2007-5447

Ioncube Php Encoder - Access Control

Title source: rule

Description

ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by shinnai · phplocalwindows

https://www.exploit-db.com/exploits/4517

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/41708

[Vendor Advisory] http://secunia.com/advisories/27178

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/37227

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26024

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4517

Scores

EPSS 0.0389

EPSS Percentile 88.3%

Details

CWE

CWE-264

Status published

Products (2)

ioncube/php_encoder 6.5

php/php 5.2.4

Published Oct 14, 2007

Tracked Since Feb 18, 2026