PUBLISHED DATE: May 16, 2002CVE-2002-0229:
Safe Mode feature (safe_mode)...

Description

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Products

• PHP PHP 3.0.10
• PHP PHP 3.0.11
• PHP PHP 3.0.12
• PHP PHP 3.0.13
• PHP PHP 3.0.16
• PHP PHP 3.0.1
• PHP PHP 3.0.2
• PHP PHP 3.0.3
• PHP PHP 3.0.4
• PHP PHP 3.0.5
• PHP PHP 3.0.6
• PHP PHP 3.0.7
• PHP PHP 3.0.8
• PHP PHP 3.0.9
• PHP PHP 3.0
• PHP PHP 4.0.1
• PHP 4.0.1 -
• PHP 4.0.1 Patch 1
• PHP 4.0.1 Patch 2
• PHP 4.0.1 Release Candidate 2
• PHP 4.0.1 Release Candidate
• PHP PHP 4.0.3
• PHP 4.0.3 Patch 1
• PHP 4.0.3 Release Candidate 1
• PHP 4.0.3 Release Candidate 2
• PHP PHP 4.0.4
• PHP 4.0.4 -
• PHP 4.0.4 Release Candidate 1
• PHP 4.0.4 Release Candidate 2
• PHP 4.0.4 Release Candidate 3
• PHP 4.0.4 Release Candidate 4
• PHP 4.0.4 Release Candidate 5
• PHP 4.0.4 Release Candidate 6
• PHP PHP 4.0.5
• PHP 4.0.5 -
• PHP 4.0.5 Release Candidate 1
• PHP 4.0.5 Release Candidate 2
• PHP 4.0.5 Release Candidate 3
• PHP 4.0.5 Release Candidate 4
• PHP 4.0.5 Release Candidate 5
• PHP 4.0.5 Release Candidate 6
• PHP 4.0.5 Release Candidate 7
• PHP 4.0.5 Release Candidate 8
• PHP PHP 4.0.6
• PHP 4.0.6 -
• PHP 4.0.6 Release Candidate 1
• PHP 4.0.6 Release Candidate 2
• PHP 4.0.6 Release Candidate 3
• PHP 4.0.6 Release Candidate 4
• PHP 4.0.0
• PHP 4.0 -
• PHP PHP 4.0 Beta 1
• PHP PHP 4.0 Beta 2
• PHP PHP 4.0 Beta 3
• PHP PHP 4.0 Beta 4
• PHP PHP 4.0 Beta 4 Patch Level 1
• PHP 4.0 Release Candidate 1
• PHP 4.0 Release Candidate 2
• PHP PHP 4.1.0
• PHP 4.1.0 -
• PHP 4.1.0 Release Candidate 1
• PHP 4.1.0 Release Candidate 2
• PHP 4.1.0 Release Candidate 3
• PHP 4.1.0 Release Candidate 4
• PHP 4.1.0 Release Candidate 5
• PHP PHP 4.1.2

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-0229, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-0229 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-2002-0229