PHP :: Bug #15887 :: vulnerability? security hole?

Bug #15887	vulnerability? security hole?
Submitted:	2002-03-05 15:41 UTC	Modified:	2002-03-12 06:51 UTC
From:	astrosmurfie at yahoo dot co dot uk	Assigned:
Status:	Closed	Package:	Apache related
PHP Version:	4.1.2	OS:	windows 2000
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2002-03-05 15:41 UTC] astrosmurfie at yahoo dot co dot uk

hi!
I just happened to see on a web page and tried that when one writes 'http://myaddress/php/php.exe?anyfile', he can see what's in this file. And this way, one can also upload some files and hack the system. 
What do you think? Is this 'php.exe' a security hole, and what's the use of it if I dont use it at all? I searched your web site, but couldn't find an answer for that. Could you please give me a sufficient explanation about the capabilities of this 'php.exe' file?
Thanks in advance!
smurfie

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-03-05 15:48 UTC] imajes@php.net

This has been fixed and will be released shortly with the new version of php under windows.

[2002-03-12 06:51 UTC] imajes@php.net

released.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 26 10:01:31 2024 UTC