{
  "modified": "2025-08-09T19:01:28Z",
  "published": "2013-03-21T17:55:03Z",
  "id": "CVE-2013-1427",
  "details": "The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2013/dsa-2649"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/91462"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/58528"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82897"
    }
  ]
}