Bug #10442 CGI php.exe allows for ANY file to be read from the server
Submitted: 2001-04-22 11:23 UTC Modified: 2001-04-28 16:16 UTC
From: hingleton at freeuk dot com Assigned:
Status: Closed Package: Apache related
PHP Version: 4.0.4pl1 OS: Windows 9x, Windows 2000
Private report: No CVE-ID: None
 [2001-04-22 11:23 UTC] hingleton at freeuk dot com
I'm using Apache 1.3.19 on Windows 2000, with PHP 4.0.4pl1 running as a CGI executable.

Occasionally whilst testing on localhost, Apache will set the current address as, for example:

This can be modified, to read ANY file from the server.\windows\win.ini

would, for example, print out in plaintext the contents of that file on a Win9x system.

IMO, this represents an enormous potential security problem, although it is dependent on the attacker knowing the path to the php.exe executable, and the filename he wishes to retrieve.

This works on my Windows 2000 and Windows 98SE machines, both of which have PHP running as an executable.
The initial setup instructions come from, which set PHP to be installed as c:\php\php.exe by default.

Jakub Burgis


 [2001-04-28 16:16 UTC]
This is well covered in the manual under security issues; you should compile with the appropriate options.

- James
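A way to check an existing server for the exposure described in this report, added here as an example and not taken from the report or from PHP: scan the Apache access log for requests that name the CGI interpreter itself instead of a script. It assumes Common Log Format with the client's original request line, so scripts handled normally appear under their own `.php` URL; the `/php/` alias, the addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# From the report: the CGI binary is php.exe. Add other names your install uses.
INTERPRETER_NAMES = {"php.exe"}

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+')

def normalise_path(raw_target, rounds=3):
    """Drop the query string, undo (possibly repeated) percent-encoding,
    and fold to the form a Windows filesystem would resolve."""
    path = raw_target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/").lower()
    # Windows ignores trailing dots and spaces in a file name.
    return [seg.rstrip(". ") for seg in path.split("/") if seg]

def direct_interpreter_hits(lines):
    """Return (client, status, raw_target) for requests naming the interpreter."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        client, request, status = m.groups()
        parts = request.split()
        if len(parts) < 2:
            continue  # malformed request line
        if INTERPRETER_NAMES & set(normalise_path(parts[1])):
            hits.append((client, int(status), parts[1]))
    return hits

# Constructed sample lines; the /php/ alias and all addresses are assumptions.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Apr/2001:11:20:01 +0000] "GET /index.php HTTP/1.0" 200 1532',
    '192.0.2.44 - - [22/Apr/2001:11:21:09 +0000] "GET /php/php.exe HTTP/1.0" 200 512',
    '192.0.2.44 - - [22/Apr/2001:11:21:30 +0000] "GET /php/PHP%252Eexe. HTTP/1.0" 404 210',
    '192.0.2.10 - - [22/Apr/2001:11:22:00 +0000] "GET /php/readme.html HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in direct_interpreter_hits(SAMPLE_LOG):
        print(hit)
```

Any hit with a 200 status deserves a look at what was returned, since a correctly configured CGI setup should not serve the interpreter to clients directly.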
Last updated: Tue Apr 16 03:01:29 2024 UTC