Описание
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.4.4-1ubuntu1 |
| hardy | released | 5.2.4-2ubuntu5.25 |
| lucid | released | 5.3.2-1ubuntu4.17 |
| maverick | ignored | end of life |
| natty | released | 5.3.5-1ubuntu7.10 |
| oneiric | released | 5.3.6-13ubuntu3.8 |
| precise | released | 5.3.10-1ubuntu3.2 |
| upstream | released | 5.3.11,5.4.0 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ...
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Уязвимость компонента rfc1867.c интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.8 Medium
CVSS2