Home > Vulnerability Database > CVE-2015-4642

Mend.io Vulnerability Database

CVE-2015-4642

Date: May 16, 2016

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.

Language: C

Severity Score

9.8

Related Resources (9)

Url: http://www.securityfocus.com/bid/75290

Url: http://www.securitytracker.com/id/1032709

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-4642

Url: https://bugs.php.net/bug.php?id=69646

Url: http://openwall.com/lists/oss-security/2015/06/18/6

Url: http://php.net/ChangeLog-5.php

Url: https://security.gentoo.org/glsa/201606-10

Url: http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9

Url: https://www.mend.io/vulnerability-database/CVE-2015-4642

Severity Score

9.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-4642

Date: May 16, 2016

Language: C

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?