VYPR
Unrated severityNVD Advisory· Published Jan 10, 2005· Updated Jun 16, 2026

CVE-2004-1063

CVE-2004-1063

Description

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=4.0.0,<=4.3.9
    • (no CPE)range: <=4.3.9
  • cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.