Unrated severityNVD Advisory· Published Aug 31, 2006· Updated Apr 16, 2026

CVE-2006-4483

Description

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

Affected products

PHP/PHP
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
Range: <5.1.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.cnvdBroken LinkPatch
cvs.php.net/viewcvs.cgi/php-src/ext/curl/interface.cnvdBroken LinkPatch
cvs.php.net/viewvc.cgi/php-src/ext/curl/streams.cnvdBroken LinkPatch
secunia.com/advisories/21546nvdNot ApplicablePatchVendor Advisory
www.php.net/release_5_1_5.phpnvdPatchRelease NotesVendor Advisory
securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
www.php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
www.securityfocus.com/archive/1/492671/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/19582nvdThird Party AdvisoryVDB Entry
secunia.com/advisories/22039nvdNot Applicable
secunia.com/advisories/30411nvdNot Applicable
wiki.rpath.com/wiki/Advisories:rPSA-2008-0178nvdBroken Link
www.novell.com/linux/security/advisories/2006_52_php.htmlnvdBroken Link
www.vupen.com/english/advisories/2006/3318nvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000