{"id":"CVE-2013-1427","details":"The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.","modified":"2026-04-10T03:42:40.897823Z","published":"2013-03-21T17:55:03Z","references":[{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2649"},{"type":"WEB","url":"http://osvdb.org/91462"},{"type":"WEB","url":"http://www.securityfocus.com/bid/58528"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/82897"}],"schema_version":"1.7.5"}