Описание
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
Ссылки
- Broken LinkPatch
- Broken LinkPatch
- Broken LinkPatch
- Not ApplicablePatchVendor Advisory
- Not Applicable
- Not Applicable
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Release NotesVendor Advisory
- PatchRelease NotesVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Permissions Required
- Broken LinkPatch
- Broken LinkPatch
- Broken LinkPatch
- Not ApplicablePatchVendor Advisory
- Not Applicable
- Not Applicable
Уязвимые конфигурации
EPSS
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/str ...
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
EPSS
9.3 Critical
CVSS2