CVE-2007-3007

Publication date 4 June 2007

Last updated 17 July 2025


Ubuntu priority

Description

PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.


Status

Package  Ubuntu Release   Status
php5     7.04 feisty      Ignored
php5     6.10 edgy        Ignored
php5     6.06 LTS dapper  Ignored

Notes


kees

basedir bypass