Количество 10
Количество 10
GHSA-x58x-2jp5-xfv7
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-2348
The move_uploaded_file implementation in ext/standard/basic_functions. ...
BDU:2015-09878
Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику создать файл с некорректным именем
SUSE-SU-2015:0868-1
Security update for php5
ELSA-2015-1053
ELSA-2015-1053: php55 security and bug fix update (MODERATE)
ELSA-2015-1066
ELSA-2015-1066: php54 security and bug fix update (IMPORTANT)
ELSA-2015-1135
ELSA-2015-1135: php security and bug fix update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-x58x-2jp5-xfv7 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | 7% Низкий | около 3 лет назад | |
 | CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | CVSS2: 5 | 7% Низкий | около 10 лет назад |
 | CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | CVSS2: 4 | 7% Низкий | больше 10 лет назад |
 | CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | CVSS2: 5 | 7% Низкий | около 10 лет назад |
| CVE-2015-2348 The move_uploaded_file implementation in ext/standard/basic_functions. ... | CVSS2: 5 | 7% Низкий | около 10 лет назад |
 | BDU:2015-09878 Уязвимость интерпретатора PHP, позволяющая удалённому злоумышленнику создать файл с некорректным именем | CVSS2: 5 | 7% Низкий | больше 10 лет назад |
 | SUSE-SU-2015:0868-1 Security update for php5 | около 10 лет назад | ||
| ELSA-2015-1053 ELSA-2015-1053: php55 security and bug fix update (MODERATE) | больше 9 лет назад | ||
| ELSA-2015-1066 ELSA-2015-1066: php54 security and bug fix update (IMPORTANT) | больше 9 лет назад | ||
| ELSA-2015-1135 ELSA-2015-1135: php security and bug fix update (IMPORTANT) | почти 10 лет назад |
Уязвимостей на страницу