Количество 7
Количество 7
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ...
GHSA-6qfq-jp45-c2jc
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
ELSA-2012-0033
ELSA-2012-0033: php security update (MODERATE)
ELSA-2011-1423
ELSA-2011-1423: php53 and php security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." | CVSS2: 6.4 | 9% Низкий | около 14 лет назад |
 | CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." | CVSS2: 2.6 | 9% Низкий | около 14 лет назад |
 | CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." | CVSS2: 6.4 | 9% Низкий | около 14 лет назад |
| CVE-2011-2202 The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3. ... | CVSS2: 6.4 | 9% Низкий | около 14 лет назад |
| GHSA-6qfq-jp45-c2jc The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability." | 9% Низкий | около 3 лет назад | |
| ELSA-2012-0033 ELSA-2012-0033: php security update (MODERATE) | больше 13 лет назад | ||
| ELSA-2011-1423 ELSA-2011-1423: php53 and php security update (MODERATE) | больше 13 лет назад |
Уязвимостей на страницу