CVE-2008-7002

PHP 5.2.5 - Local Restriction Bypass via exec system shell_exec passthru popen Functions

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7002. PoCs published by Ciph3r.

AI-analyzed exploit summary This PoC demonstrates a bypass of PHP's 'safe_mode_exec_dir' and 'open_basedir' restrictions in PHP 5.2.5 by executing system commands via functions like 'exec', 'system', 'shell_exec', 'passthru', and 'popen'. It confirms the vulnerability by launching 'calc.exe' when invoked locally.

Description

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ciph3r · phplocalphp
https://www.exploit-db.com/exploits/32343

This PoC demonstrates a bypass of PHP's 'safe_mode_exec_dir' and 'open_basedir' restrictions in PHP 5.2.5 by executing system commands via functions like 'exec', 'system', 'shell_exec', 'passthru', and 'popen'. It confirms the vulnerability by launching 'calc.exe' when invoked locally.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: PHP 5.2.5
No auth needed
Prerequisites: PHP 5.2.5 with 'safe_mode' off and 'open_basedir' or 'safe_mode_exec_dir' restrictions in place · Local execution context
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31064

Scores

EPSS 0.0083
EPSS Percentile 52.8%

Details

CWE
CWE-264
Status published
Products (1)
php/php 5.2.5
Published Aug 19, 2009
Tracked Since Feb 18, 2026