|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #13406 PHP exploit
Submitted: 2001-09-23 14:27 UTC Modified: 2001-09-23 14:35 UTC
From: arpadffy at altavista dot net Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 4.0.4pl1 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: arpadffy at altavista dot net
New email:
PHP Version: OS:


 [2001-09-23 14:27 UTC] arpadffy at altavista dot net
I'm running Redhat 7.1
Linux xxxxxxxxxxxx 2.4.3-12 #1 Fri Jun 8 15:05:56 EDT 2001 i686 unknown
with apache apache-1.3.19-5 

funcion system() gives apache rights to every user even in /~username requests... 

it is easy to exploit the whole site with simple script

what should I do againt.??


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2001-09-23 14:35 UTC]
Ask support questions on

Hint: safe-mode, safemode.disable-function (or something like that)
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu May 19 05:05:44 2022 UTC