CVE-2004-1064

N/A Unknown
Published: January 10, 2005 Modified: April 16, 2026
View on NVD

Description

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915
Source: cve@mitre.org
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
Source: cve@mitre.org
Third Party Advisory
http://www.hardened-php.net/advisories/012004.txt
Source: cve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
Source: cve@mitre.org
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
Source: cve@mitre.org
Third Party Advisory
http://www.php.net/release_4_3_10.php
Source: cve@mitre.org
Release Notes Vendor Advisory
http://www.securityfocus.com/advisories/9028
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/384545
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/11964
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/18512
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://www.ubuntu.com/usn/usn-99-1/
Source: cve@mitre.org
Third Party Advisory
https://www.ubuntu.com/usn/usn-99-2/
Source: cve@mitre.org
Third Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.hardened-php.net/advisories/012004.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:151
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:072
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.php.net/release_4_3_10.php
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Vendor Advisory
http://www.securityfocus.com/advisories/9028
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/384545
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/11964
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/18512
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://www.ubuntu.com/usn/usn-99-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.ubuntu.com/usn/usn-99-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

24 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.7%
82th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

canonical php