FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- arbitrary code execution

Affected packages
php56 < 5.6.11
php55 < 5.5.27
php5 < 5.4.43

Details

VuXML ID 5a1d5d74-29a0-11e5-86ff-14dae9d210b8
Discovery 2015-06-07
Entry 2015-07-13

cmb reports:

When delayed variable substitution is enabled (can be set in the Registry, for instance), !ENV! works similar to %ENV%, and the value of the environment variable ENV will be subsituted.

References

URL https://bugs.php.net/bug.php?id=69768