ID:11547 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2008-5625

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:11547 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2008-5625

ID:11547 - Exploit for Permissions, Privileges, and Access Controls in PHP - CVE-2008-5625

Published: June 11, 2025


Vulnerability identifier: #VU110335
Vulnerability risk: Medium
CVE-ID: CVE-2008-5625
CWE-ID: CWE-264
Exploitation vector: Remote access
Vulnerable software:
PHP

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.


Remediation

Install update from vendor's website.