Unrated severityNVD Advisory· Published Apr 18, 2008· Updated Apr 23, 2026

CVE-2008-1734

Description

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Affected products

Gentoo/Php Toolkit3 versions
cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gentoo:php_toolkit:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:php_toolkit:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:gentoo:php_toolkit:*:rc1:*:*:*:*:*:*range: <=1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000