@Zenexer
Zenexer / escapeshellrce.md
Last active November 2, 2023 06:09
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary