Main Vulnerability Database Exploits ID:11488 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2009-4018

ID:11488 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2009-4018

Published: June 8, 2025

Vulnerability identifier: #VU110317

Vulnerability risk: Medium

CVE-ID: CVE-2009-4018

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/11636/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Remediation

Install update from vendor's website.

ID:11488 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2009-4018

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human