Bug #25315 vulnerability in mkdir and other unix-commands!
Submitted: 2003-08-29 13:38 UTC Modified: 2003-08-30 07:20 UTC
From: info at flashman dot ru Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 4.3.1 OS: Linux pr5 2.4.18-3
Private report: No CVE-ID: None
 [2003-08-29 13:38 UTC] info at flashman dot ru
php function mkdir allows hackers to execute various commands on the server.
Some scripts need a directory name for user. They may enter

'/www/somedir /usr/bin/wget ...'

and command

'/usr/bin/wget somethinghere'

will be executed on the server without problems!
It happens when php calls unix command mkdir.

Regards, Flashman


 [2003-08-29 14:03 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2003-08-30 07:20 UTC]
It's your fault if you pass user input as-is forward to any PHP/your own function/etc.

Definitely NOT a PHP bug.
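
The input validation the last comment calls for, as an added example (not code from this report or from the PHP project). PHP's built-in `mkdir()` makes the directory through the filesystem API rather than a shell, so the allowlist matters most in scripts that build a command line themselves. The helper name `create_user_dir`, the base directory and the naming policy are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create a per-user directory under a fixed base.
// The base path and the naming policy are assumptions for this example.
function create_user_dir(string $base, string $name): string
{
    // Allowlist: one path component of letters, digits, '_' and '-'.
    // Rejects spaces, slashes, "..", NUL bytes and shell metacharacters.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid directory name');
    }

    $root = realpath($base);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('base directory does not exist');
    }

    $path = $root . DIRECTORY_SEPARATOR . $name;

    // Built-in mkdir(): no shell is involved. If a script must call an
    // external command instead, every argument goes through escapeshellarg().
    if (!is_dir($path) && !mkdir($path, 0750) && !is_dir($path)) {
        throw new RuntimeException('mkdir failed');
    }
    return $path;
}

// Constructed sample inputs; the second is the string quoted in the report.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'userdirs_demo';
if (!is_dir($base)) {
    mkdir($base, 0750, true);
}

foreach (['alice_01', '/www/somedir /usr/bin/wget ...', '../etc'] as $input) {
    try {
        echo 'created:  ', create_user_dir($base, $input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($input, true), PHP_EOL;
    }
}
```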

Last updated: Tue May 21 22:01:32 2024 UTC