|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #15887 vulnerability? security hole?
Submitted: 2002-03-05 15:41 UTC Modified: 2002-03-12 06:51 UTC
From: astrosmurfie at yahoo dot co dot uk Assigned:
Status: Closed Package: Apache related
PHP Version: 4.1.2 OS: windows 2000
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: astrosmurfie at yahoo dot co dot uk
New email:
PHP Version: OS:


 [2002-03-05 15:41 UTC] astrosmurfie at yahoo dot co dot uk
I just happened to see on a web page and tried that when one writes 'http://myaddress/php/php.exe?anyfile', he can see what's in this file. And this way, one can also upload some files and hack the system. 
What do you think? Is this 'php.exe' a security hole, and what's the use of it if I dont use it at all? I searched your web site, but couldn't find an answer for that. Could you please give me a sufficient explanation about the capabilities of this 'php.exe' file?
Thanks in advance!


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-03-05 15:48 UTC]
This has been fixed and will be released shortly with the new version of php under windows.
 [2002-03-12 06:51 UTC]
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Dec 04 12:01:27 2023 UTC