[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP 4.3.x - Microsoft Windows Shell Escape functions Command Execution

Author: Daniel Fabian
type: local
platform: php
port: 
date_added: 2004-06-07 
date_updated: 2013-01-16 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/10471/info

PHP is reportedly prone to a command execution vulnerability in its shell escape functions. This issue is due to a failure of PHP to properly sanitize function arguments.

This issue might allow an attacker to execute arbitrary shell commands on a computer running the vulnerable software within the security context of the web server; potentially leading to unauthorized access. Other attacks are also possible.

This issue is reported to affect PHP under Microsoft Windows version 4.3.3 and 4.3.5, it is likely that other Microsoft Windows versions are affected as well.

" || dir ||
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.