Insecure UNIX Socket Permissions in PHP FastCGI Process Manager (FPM)
CVE-2014-0185 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
Learn more about our Api Penetration Testing.