CVE-2014-0185

Published May 6th, 2014

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.2

HIGH

Affected

PROJECT

Description

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

php/php-src

The PHP Interpreter

GitHub

40.2K