php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15887 vulnerability? security hole?
Submitted: 2002-03-05 15:41 UTC Modified: 2002-03-12 06:51 UTC
From: astrosmurfie at yahoo dot co dot uk Assigned:
Status: Closed Package: Apache related
PHP Version: 4.1.2 OS: windows 2000
Private report: No CVE-ID: None
 [2002-03-05 15:41 UTC] astrosmurfie at yahoo dot co dot uk
hi!
I just happened to see on a web page and tried that when one writes 'http://myaddress/php/php.exe?anyfile', he can see what's in this file. And this way, one can also upload some files and hack the system. 
What do you think? Is this 'php.exe' a security hole, and what's the use of it if I dont use it at all? I searched your web site, but couldn't find an answer for that. Could you please give me a sufficient explanation about the capabilities of this 'php.exe' file?
Thanks in advance!
smurfie

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-05 15:48 UTC] imajes@php.net
This has been fixed and will be released shortly with the new version of php under windows.
 [2002-03-12 06:51 UTC] imajes@php.net
released.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 00:01:30 2024 UTC