Bug #25315 vulnerability in mkdir and other unix-commands!
Submitted: 2003-08-29 13:38 UTC Modified: 2003-08-30 07:20 UTC
From: info at flashman dot ru Assigned:
Status: Not a bug Package: Directory function related
PHP Version: 4.3.1 OS: Linux pr5 2.4.18-3
Private report: No CVE-ID: None


 [2003-08-29 13:38 UTC] info at flashman dot ru
The PHP function mkdir allows hackers to execute various commands on the server.
Some scripts need a directory name for user. They may enter

'/www/somedir /usr/bin/wget ...'

and command

'/usr/bin/wget somethinghere'

will be executed on the server without problems!
It happens when PHP calls the Unix command mkdir.

Regards, Flashman


 [2003-08-29 14:03 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2003-08-30 07:20 UTC]
It's your fault if you pass user input as-is forward to any PHP/your own function/etc.

Definitely NOT a PHP bug.
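The point made in the last comment, as an added example that is not part of the original thread or of PHP's own code: a script that takes a directory name from a user validates it against an allow-list before creating it, and quotes it if it ever builds a shell command. The names BASE_DIR, create_user_dir() and mkdir_command() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example; BASE_DIR and both function names are hypothetical.
const BASE_DIR = '/tmp/userdirs-example';

/**
 * Create a per-user directory from an untrusted name.
 * Returns the created path, or throws if the name is rejected.
 */
function create_user_dir(string $base, string $name): string
{
    // Allow-list: letters, digits, underscore, hyphen; 1 to 64 characters.
    // Rejects spaces, slashes, "..", NUL bytes and shell metacharacters.
    // \z anchors at the true end (a bare $ would accept a trailing newline).
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException('rejected directory name');
    }
    if (!is_dir($base) && !mkdir($base, 0750, true)) {
        throw new RuntimeException('cannot create base directory');
    }
    $path = $base . '/' . $name;
    // The whole string is passed as one path argument; no command line is built.
    if (!is_dir($path) && !mkdir($path, 0750)) {
        throw new RuntimeException('mkdir failed');
    }
    return $path;
}

/** If a script does shell out, every untrusted value is quoted first. */
function mkdir_command(string $path): string
{
    // escapeshellarg() wraps the value in single quotes: one shell argument.
    return 'mkdir -- ' . escapeshellarg($path);
}

// Constructed sample inputs, including the string quoted in the report.
$samples = ['alice', 'team_42', '/www/somedir /usr/bin/wget ...', '../etc', 'a;b'];
foreach ($samples as $name) {
    try {
        echo "created:  ", create_user_dir(BASE_DIR, $name), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: ", var_export($name, true), "\n";
    }
}
echo mkdir_command('/www/somedir /usr/bin/wget ...'), "\n";
```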

Last updated: Wed Feb 01 22:03:43 2023 UTC