VULHUB ™

suPHP is reported prone to a design flaw that may permit a user with some degree of local interactive access to a system to execute arbitrary PHP script code with the privileges of a targeted user. The weakness occurs due to a lack of sufficient validation employed when performing access control checks prior to executing PHP contained in a target file. If an attacker had the ability to write to a target file by exploiting another vulnerability, and the target file meets the suPHP security criteria, then the attacker may potentially execute arbitrary PHP script code in the context of the target user.

suPHP is reported prone to a design flaw that may permit a user with some degree of local interactive access to a system to execute arbitrary PHP script code with the privileges of a targeted user. The weakness occurs due to a lack of sufficient validation employed when performing access control checks prior to executing PHP contained in a target file. If an attacker had the ability to write to a target file by exploiting another vulnerability, and the target file meets the suPHP security criteria, then the attacker may potentially execute arbitrary PHP script code in the context of the target user.