Main Vulnerability Database Vulnerabilities #VU110521

Input validation error in PHP - CVE-2004-0542

Published: July 1, 2022 / Updated: June 8, 2025

Vulnerability identifier: #VU110521

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2004-0542

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
PHP

Software vendor:
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.

Remediation

Install update from vendor's website.

External links

http://www.idefense.com/application/poi/display?id=108
http://www.php.net/release_4_3_7.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/16331

Input validation error in PHP - CVE-2004-0542

Description

Remediation

External links

Please verify you're human