Unrated severityNVD Advisory· Published Mar 9, 2007· Updated Apr 23, 2026

CVE-2007-1370

Description

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files. NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.

Affected products

Zend/Zend Platform2 versions
cpe:2.3:a:zend:zend_platform:2.2.1a:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:zend:zend_platform:2.2.1a:*:*:*:*:*:*:*
- cpe:2.3:a:zend:zend_platform:2.2.1a:a:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.php-security.org/MOPB/BONUS-06-2007.htmlnvdPatchVendor Advisory
www.zend.com/products/zend_platform/security_vulnerabilitiesnvdVendor Advisory
secunia.com/advisories/24501nvd
www.osvdb.org/32772nvd
www.securityfocus.com/bid/22801nvd
www.vupen.com/english/advisories/2007/0829nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32825nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000