VYPR
Unrated severityNVD Advisory· Published Jun 29, 2007· Updated Jun 16, 2026

CVE-2007-3378

CVE-2007-3378

Description

The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • PHP/PHP2 versions
    cpe:2.3:a:php:php:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:php:php:*:*:*:*:*:*:*:*range: >=4.0.0,<=4.4.7
    • (no CPE)range: <=4.4.7 (PHP 4) / <=5.2.3 (PHP 5)

Patches

Vulnerability mechanics

References

43

News mentions

0

No linked articles in our index yet.