CVE-2006-1494

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 10 Apr 2006, 19:00
Last modified:07 Aug 2024, 17:12

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
2.6 LOW
v2.0 (nvd)
EPSS Score
5.83% LOW
6% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected

Timeline

10 Apr 2006, 19:00
Published
Vulnerability first disclosed
07 Aug 2024, 17:12
Last Modified
Vulnerability information updated

Description

Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.

CVSS Metrics

  • v2.0LOWScore: 2.6AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 5.83% Percentile: 91%

Affected Systems

  • UnknownPHP

    4.0 | 4.0:beta_4_patch1 | 4.0:beta1 | 4.0:beta2 | 4.0:beta3 | 4.0:beta4 | 4.0:rc1 | 4.0:rc2 | 4.0.0 | 4.0.1 | 4.0.1:patch1 | 4.0.1:patch2 | 4.0.2 | 4.0.3 | 4.0.3:patch1 | 4.0.4 | 4.0.4:patch1 | 4.0.5 | 4.0.6 | 4.0.7 | 4.0.7:rc1 | 4.0.7:rc2 | 4.0.7:rc3 | 4.1.0 | 4.1.1 | 4.1.2 | 4.2 | 4.2.0 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | 4.3.3 | 4.3.4 | 4.3.5 | 4.3.6 | 4.3.7 | 4.3.8 | 4.3.9 | 4.3.10 | 4.3.11 | 4.4.0 | 4.4.1 | 4.4.2 | 5.0:rc1 | 5.0:rc2 | 5.0:rc3 | 5.0.0 | 5.0.0:beta1 | 5.0.0:beta2 | 5.0.0:beta3 | 5.0.0:beta4 | 5.0.0:rc1 | 5.0.0:rc2 | 5.0.0:rc3 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.1.0 | 5.1.1 | 5.1.2

References (27)