Tweet
A configuration vulnerability exists for PHP.EXE cgi running on Apache for Win32 platforms. It is reported that the installation text recommends configuration options in httpd.conf that create a security vulnerability, allowing arbitrary files to be read from the host running PHP. Remote users can directly execute the PHP binary:
http://www.somehost.com/php/php.exe?c:winntwin.ini
Solution:
No solution was provided in the original Securiteam advisory.
References:
http://www.securitytracker.com/alert...n/1003104.html
Risk factor: High
http://www.somehost.com/php/php.exe?c:winntwin.ini
Solution:
No solution was provided in the original Securiteam advisory.
References:
http://www.securitytracker.com/alert...n/1003104.html
Risk factor: High
Kommentar