Arbitrary Code Execution Vulnerability in PHP Package in Slackware 8.1, 9.0, and 9.1

Arbitrary Code Execution Vulnerability in PHP Package in Slackware 8.1, 9.0, and 9.1

CVE-2004-0530 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.

Learn more about our User Device Pen Test.