CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
phpphp
𝑥
≤ 5.4.41
phpphp
5.5.0
phpphp
5.5.1
phpphp
5.5.2
phpphp
5.5.3
phpphp
5.5.4
phpphp
5.5.5
phpphp
5.5.6
phpphp
5.5.7
phpphp
5.5.8
phpphp
5.5.9
phpphp
5.5.10
phpphp
5.5.11
phpphp
5.5.12
phpphp
5.5.13
phpphp
5.5.14
phpphp
5.5.15
phpphp
5.5.16
phpphp
5.5.17
phpphp
5.5.18
phpphp
5.5.19
phpphp
5.5.20
phpphp
5.5.21
phpphp
5.5.22
phpphp
5.5.23
phpphp
5.5.24
phpphp
5.5.25
phpphp
5.6.0
phpphp
5.6.1
phpphp
5.6.2
phpphp
5.6.3
phpphp
5.6.4
phpphp
5.6.5
phpphp
5.6.6
phpphp
5.6.7
phpphp
5.6.8
phpphp
5.6.9
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
vivid
not-affected
utopic
not-affected
trusty
not-affected
precise
not-affected
Common Weakness Enumeration
References
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/75290
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69646
https://security.gentoo.org/glsa/201606-10
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
http://openwall.com/lists/oss-security/2015/06/18/6
http://php.net/ChangeLog-5.php
http://www.securityfocus.com/bid/75290
http://www.securitytracker.com/id/1032709
https://bugs.php.net/bug.php?id=69646
https://security.gentoo.org/glsa/201606-10