Vulnerability & Exploit Database

Back to search

PHP Multiple Vulnerabilities Fixed in version 5.2.13

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:P/I:P/A:P) February 24, 2010 June 29, 2010 February 12, 2015

Description

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

php-upgrade-5_2_13

Related Vulnerabilities