Unrated severityNVD Advisory· Published Dec 6, 2001· Updated Jun 16, 2026

CVE-2001-1247

Description

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

PHP/PHP3 versions
cpe:2.3:a:php:php:4.0.4pl1:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:php:php:4.0.4pl1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
- (no CPE)range: = 4.0.4pl1, 4.0.5

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.redhat.com/support/errata/RHSA-2002-035.htmlnvdPatchVendor Advisory
online.securityfocus.com/archive/1/194425nvdExploitPatchVendor Advisory
www.osvdb.org/5440nvd
www.php.net/do_download.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000