CVE-2004-2692

Name: CVE-2004-2692
Creator: NVD / NIST
Published: 2004-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.51%

Last modified Jun 16, 2026

CVE-2004-2692 is a vulnerability of currently unknown severity. The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.. EPSS estimates a 4.51% chance of exploitation in the next 30 days.

Description

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

Metrics

EPSS Probability

4.51%

90.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Kyberdigi Labs	Php-Exec-Dir	4.3.2
Kyberdigi Labs	Php-Exec-Dir	4.3.3
Kyberdigi Labs	Php-Exec-Dir	4.3.4
Kyberdigi Labs	Php-Exec-Dir	4.3.5
Kyberdigi Labs	Php-Exec-Dir	4.3.6
Kyberdigi Labs	Php-Exec-Dir	4.3.7

References

Timeline

Published: Dec 31, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-2692?

How severe is CVE-2004-2692?

Severity scoring for CVE-2004-2692 is pending analysis. The EPSS model estimates a 4.51% probability of exploitation in the next 30 days.

How do I fix CVE-2004-2692?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2692?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST