PHP Python Extension 'safe_mode' Restriction Bypass Vulnerability

PHP is prone to a 'safe_mode' restriction-bypass vulnerability when the Python extension in enabled. Successful exploits could allow an attacker to execute arbitrary code.

This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code; in such cases, the 'safe_mode' restriction is expected to isolate users from each other.

Versions prior to PHP 6 are vulnerable.

NOTE: The severity of this issue can vary depending on the specific configuration of the server.


Privacy Statement
Copyright 2010, SecurityFocus