CVE-2003-0097
Description
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"The CGI force redirect mechanism in PHP 4.3.0 can be bypassed, allowing direct access to arbitrary files."
Attack vector
An attacker can bypass the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect) to directly access arbitrary files on the server as the PHP user. By crafting HTTP requests that circumvent the redirect check, the attacker may also be able to execute arbitrary PHP code. The vulnerability is triggered over the network without authentication [ref_id=1].
Affected code
The CVE description identifies the CGI module in PHP 4.3.0 as the affected component. No patch or specific function/file names are provided in the bundle.
What the fix does
The bundle does not include a patch or explicit remediation guidance for this CVE. The Slackware changelog entry [ref_id=1] does not describe any fix for CVE-2003-0097. Administrators should consult PHP security advisories for PHP 4.3.0 to obtain the appropriate patch or upgrade to a corrected version.
Preconditions
- config: PHP 4.3.0 must be configured with CGI mode (cgi.force_redirect or --enable-force-cgi-redirect)
- network: Attacker must be able to send HTTP requests to the PHP CGI endpoint
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.