CVE-2008-7002
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
We have discovered 132,393 live websites that are affected by CVE-2008-7002.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 132,393 live websites (1.52% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 70 versions ( 12.80% of all versions) |
Details
- Published - Aug 18, 2009
- Updated - Sep 16, 2024
CVE References
CVE-2008-7002 usage by Country
 United States | 9,635 websites |
 Taiwan | 81,392 websites |
 France | 6,188 websites |
 Germany | 5,515 websites |
 Japan | 4,841 websites |
 Korea, South | 4,588 websites |
 Russia | 2,963 websites |
 Italy | 1,304 websites |
 Austria | 1,144 websites |
CVE-2008-7002 usage by TLD
| .com | 84,636 websites |
| .info | 4,826 websites |
| .de | 4,343 websites |
| .net | 4,063 websites |
| .ru | 2,630 websites |
| .org | 2,229 websites |
| .fr | 1,634 websites |
| .jp | 1,582 websites |
| .co.jp | 941 websites |
| .cz | 933 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2008-7002
Top websites that are affected by CVE-2008-7002. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***.tw | Taiwan | *,*** | |
| **********.*****.de | Germany | *,*** | |
| ***********.jp | Japan | **,*** | |
| ****.info | France | **,*** | |
| ******.com | Taiwan | **,*** | |
| *********.com | United States | **,*** | |
| ******.com | Taiwan | **,*** | |
| ****.com | Taiwan | **,*** | |
| *****.com | Taiwan | **,*** | |
| ******.com | Taiwan | **,*** |
FAQ
A total of 132,393 websites have been identified as vulnerable to CVE-2008-7002, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2008-7002 vulnerability.
PHP versions before 5.2.5 are vulnerable to CVE-2008-7002.
Version 5.2.5 of PHP addresses the CVE-2008-7002 security vulnerability.