CVE-2002-0229

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Published Bycve@mitre.org

Published DateMay 16, 2002, 04:00

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

http://marc.info/?l=bugtraq&m=101286577109716&w=2
http://marc.info/?l=bugtraq&m=101304702002321&w=2
http://marc.info/?l=ntbugtraq&m=101285016125377&w=2
http://marc.info/?l=ntbugtraq&m=101303065423534&w=2
http://marc.info/?l=ntbugtraq&m=101303819613337&w=2
http://www.iss.net/security_center/static/8105.php
http://www.securityfocus.com/bid/4026

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL