Approved changes feed: RSS · Atom
cpe:2.3:a:php:php:*:*:windows:*:*:*:*:*
part: a version: * update: *
| Vendor | Php (9aec2613-7a27-5ce5-8ac7-140851d8da4c) |
|---|---|
| Product | Php (38640b93-5029-5cca-a025-ab7d01c98b51) |
| Edition | windows |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/php/php-src |
purl2cpe | 2026-06-01 10:17:42.702784 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2007-5653 |
vulnerable | 2026-06-03 14:28:27.469854 |
Details available
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
Published: 2007-10-23T21:00:00.000Z
Updated: 2024-08-07T15:39:13.609Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.