From: [EMAIL PROTECTED] Operating system: windows 2000 PHP version: 4.1.2 PHP Bug Type: Apache related Bug description: vulnerability? security hole?
hi! I just happened to see on a web page and tried that when one writes 'http://myaddress/php/php.exe?anyfile', he can see what's in this file. And this way, one can also upload some files and hack the system. What do you think? Is this 'php.exe' a security hole, and what's the use of it if I dont use it at all? I searched your web site, but couldn't find an answer for that. Could you please give me a sufficient explanation about the capabilities of this 'php.exe' file? Thanks in advance! smurfie -- Edit bug report at http://bugs.php.net/?id=15887&edit=1 -- Fixed in CVS: http://bugs.php.net/fix.php?id=15887&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=15887&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=15887&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=15887&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=15887&r=support Expected behavior: http://bugs.php.net/fix.php?id=15887&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=15887&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=15887&r=submittedtwice
