ID:11536 - Exploit for Input validation error in PHP - CVE-2007-0448

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:11536 - Exploit for Input validation error in PHP - CVE-2007-0448

ID:11536 - Exploit for Input validation error in PHP - CVE-2007-0448

Published: June 10, 2025


Vulnerability identifier: #VU110395
Vulnerability risk: High
CVE-ID: CVE-2007-0448
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
PHP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.


Remediation

Install update from vendor's website.