Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-h6z6-uwnc-u7hj
Vulnerability ID VCID-h6z6-uwnc-u7hj
Aliases CVE-2008-2666
Summary PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
System Score Found at
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
epss 0.07274 https://api.first.org/data/v1/epss?cve=CVE-2008-2666
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2008-2666
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2666.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2666
http://secunia.com/advisories/32746
http://secunia.com/advisories/35074
http://secunia.com/advisories/35650
http://security.gentoo.org/glsa/glsa-200811-05.xml
http://securityreason.com/achievement_securityalert/55
http://securityreason.com/securityalert/3942
https://exchange.xforce.ibmcloud.com/vulnerabilities/43198
http://support.apple.com/kb/HT3549
http://wiki.rpath.com/Advisories:rPSA-2009-0035
http://www.securityfocus.com/archive/1/501376/100/0/threaded
http://www.securityfocus.com/bid/29796
http://www.securitytracker.com/id?1020328
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
452207 https://bugzilla.redhat.com/show_bug.cgi?id=452207
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
CVE-2008-2666 https://nvd.nist.gov/vuln/detail/CVE-2008-2666
CVE-2008-2666;OSVDB-46638 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/local/31937.txt
CVE-2008-2666;OSVDB-46638 Exploit https://www.securityfocus.com/bid/29796/info
GLSA-200811-05 https://security.gentoo.org/glsa/200811-05
Data source Exploit-DB
Date added June 18, 2008
Description PHP 5.2.6 - 'chdir()' Function http URL Argument Safe_mode Restriction Bypass
Ransomware campaign use Known
Source publication date June 18, 2008
Exploit type local
Platform php
Source update date Feb. 27, 2014
Source URL https://www.securityfocus.com/bid/29796/info
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2666
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91617
EPSS Score 0.07274
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:01:56.011391+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/200811-05 38.0.0