CVE-2004-1064 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2004-1064 Interim 1 3 2021-06-09T08:32:09Z current 2021-05-30T12:31:01Z 2021-06-09T08:32:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2004-1064 The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. CVE-2004-1064 critical 10 AV:N/AC:L/Au:N/C:C/I:C/A:C