Unrated severity · NVD Advisory · Published Jan 10, 2005 · Updated Jun 16, 2026
CVE-2004-1063
Description
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Affected products (3)
- cpe:2.3:o:canonical:ubuntu_linux:4.10:*:*:*:*:*:*:*
References (12)
- www.gentoo.org/security/en/glsa/glsa-200412-14.xml (nvd: Third Party Advisory)
- www.hardened-php.net/advisories/012004.txt (nvd: Third Party Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.mandriva.com/security/advisories (nvd: Third Party Advisory)
- www.php.net/release_4_3_10.php (nvd: Release Notes, Vendor Advisory)
- www.securityfocus.com/advisories/9028 (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/384545 (nvd: Third Party Advisory, VDB Entry)
- www.securityfocus.com/bid/11964 (nvd: Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/18511 (nvd: Third Party Advisory, VDB Entry)
- www.ubuntu.com/usn/usn-99-1/ (nvd: Third Party Advisory)
- distro.conectiva.com.br/atualizacoes/ (nvd: Broken Link)
- www.osvdb.org/12412 (nvd: Broken Link)