Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2692

Description

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

Affected products

Kyberdigi Labs/PHP Exec Dir6 versions
cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.2:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:kyberdigi_labs:php-exec-dir:4.3.7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

kyberdigi.cz/projects/execdir/english.htmlnvdPatch
www.securityfocus.com/bid/10598nvdExploitPatch
secunia.com/advisories/11928nvdVendor Advisory
seclists.org/fulldisclosure/2004/Jul/0347.htmlnvd
seclists.org/fulldisclosure/2004/Jul/0350.htmlnvd
seclists.org/fulldisclosure/2004/Jul/0357.htmlnvd
www.osvdb.org/7243nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16498nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000