Unrated severityNVD Advisory· Published Oct 14, 2007· Updated Apr 23, 2026

CVE-2007-5447

Description

ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.

Affected products

Ioncube/PHP Encoder
cpe:2.3:a:ioncube:php_encoder:6.5:*:*:*:*:*:*:*
PHP/PHP
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/27178nvdVendor Advisory
osvdb.org/41708nvd
www.securityfocus.com/bid/26024nvd
exchange.xforce.ibmcloud.com/vulnerabilities/37227nvd
www.exploit-db.com/exploits/4517nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000