CVE-2006-4483

N/A Unknown
Published: August 31, 2006 Modified: April 16, 2026
View on NVD

Description

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7
Source: cve@mitre.org
Broken Link Patch
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log
Source: cve@mitre.org
Broken Link Patch
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4
Source: cve@mitre.org
Broken Link Patch
http://secunia.com/advisories/21546
Source: cve@mitre.org
Not Applicable Patch Vendor Advisory
http://secunia.com/advisories/22039
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/30411
Source: cve@mitre.org
Not Applicable
http://securitytracker.com/id?1016984
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
Source: cve@mitre.org
Broken Link
http://www.novell.com/linux/security/advisories/2006_52_php.html
Source: cve@mitre.org
Broken Link
http://www.php.net/ChangeLog-5.php#5.1.5
Source: cve@mitre.org
Release Notes Vendor Advisory
http://www.php.net/release_5_1_5.php
Source: cve@mitre.org
Patch Release Notes Vendor Advisory
http://www.securityfocus.com/archive/1/492671/100/0/threaded
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/19582
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/3318
Source: cve@mitre.org
Permissions Required
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?r1=1.62.2.14.2.6&r2=1.62.2.14.2.7
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.c?view=log
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.c?r1=1.14.2.2.2.3&r2=1.14.2.2.2.4
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch
http://secunia.com/advisories/21546
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable Patch Vendor Advisory
http://secunia.com/advisories/22039
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://secunia.com/advisories/30411
Source: af854a3a-2127-422b-91ae-364da2661108
Not Applicable
http://securitytracker.com/id?1016984
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0178
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.novell.com/linux/security/advisories/2006_52_php.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.php.net/ChangeLog-5.php#5.1.5
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Vendor Advisory
http://www.php.net/release_5_1_5.php
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Release Notes Vendor Advisory
http://www.securityfocus.com/archive/1/492671/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/19582
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/3318
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required

28 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.4%
81th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-862

Affected Vendors

php

Related CVEs

CVE-2026-6977 7.3
CVE-2026-31685 N/A
CVE-2026-31684 N/A
CVE-2026-31683 N/A
CVE-2026-31682 N/A