← CVECheck
HomeVulnerabilities

CVE-2004-0542 — HIGH severity vulnerability (PHP before 4.3.7 on Win32 platforms does not properly filter)

PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the esca

CVE IDCVE-2004-0542
SeverityHIGH
CVSS score10.0
CVSS vectorAV:N/AC:L/Au:N/C:C/I:C/A:C
CWENVD-CWE-noinfo
StatusModified
Published2004-08-06
Last modified2026-04-16
DescriptionPHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →