Information disclosure in PHP

Published: 2018-08-09 09:34:20
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2018-15132
CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-200
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: PHP
Vulnerable software versions: PHP 5.6.0, PHP 5.6.1, PHP 5.6.2
Vendor URL: PHP Group

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to an improper implementation of the open_basedir check in the linkinfo() function, defined in the ext/standard/link_win32.c source code file. A remote attacker can gain access to potentially sensitive information.

Remediation

The vulnerability has been addressed in the versions 5.6.37, 7.0.31, 7.1.20, and 7.2.8.
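
To check an inventory against the fixed releases listed above, the following added example (not code from this advisory or from the PHP project) classifies version strings per branch. The status labels, host names and banner strings are constructed for illustration, and treating a pre-release of a fixed version as unverified is an assumption of the example.

```python
import re

# Fixed release per branch, from the Remediation section of this advisory.
FIXED_PATCH = {(5, 6): 37, (7, 0): 31, (7, 1): 20, (7, 2): 8}

# X.Y.Z with an optional PHP pre-release tag (7.2.8RC1, 7.1.20-dev).
VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:-?(dev|alpha|beta|RC)\d*)?"
)


def classify(version_text):
    """Classify a bare version or a `php -v` banner line.

    Returns 'fixed', 'needs-update', 'verify-manually', 'not-listed'
    or 'unparseable'. Status names are this example's own labels.
    """
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparseable"
    major, minor, patch = (int(g) for g in m.groups()[:3])
    fixed_patch = FIXED_PATCH.get((major, minor))
    if fixed_patch is None:
        # The advisory names no fixed release for this branch.
        return "not-listed"
    if patch < fixed_patch:
        return "needs-update"
    if patch == fixed_patch and m.group(4):
        # Assumption: a pre-release of the fixed version may predate the fix.
        return "verify-manually"
    return "fixed"


def triage(inventory):
    """Map host -> status for (host, version_text) pairs."""
    return {host: classify(text) for host, text in inventory}


# Constructed inventory: host names and banners are made up for the example.
SAMPLE = [
    ("web01", "PHP 5.6.2 (cli) (built: Oct 15 2014 11:02:17)"),
    ("web02", "PHP 7.1.20 (cli) (built: Jul 19 2018 10:00:00)"),
    ("web03", "7.2.8RC1"),
    ("web04", "7.3.0"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:8} {status}")
```

Distribution packages can carry backported fixes under an older upstream version number, so a 'needs-update' result for such a build should be confirmed against the vendor's changelog.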

External links

https://github.com/php/php-src/commit/f151e048ed27f6f4eef729f3310d053ab5da71d4
