vulnerability
Huawei EulerOS: CVE-2016-10712: php security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Feb 9, 2018 | May 3, 2018 | Aug 13, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Feb 9, 2018
Added
May 3, 2018
Modified
Aug 13, 2025
Description
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker.
Solutions
huawei-euleros-2_0_sp1-upgrade-phphuawei-euleros-2_0_sp1-upgrade-php-clihuawei-euleros-2_0_sp1-upgrade-php-commonhuawei-euleros-2_0_sp1-upgrade-php-gdhuawei-euleros-2_0_sp1-upgrade-php-ldaphuawei-euleros-2_0_sp1-upgrade-php-mysqlhuawei-euleros-2_0_sp1-upgrade-php-odbchuawei-euleros-2_0_sp1-upgrade-php-pdohuawei-euleros-2_0_sp1-upgrade-php-pgsqlhuawei-euleros-2_0_sp1-upgrade-php-processhuawei-euleros-2_0_sp1-upgrade-php-recodehuawei-euleros-2_0_sp1-upgrade-php-soaphuawei-euleros-2_0_sp1-upgrade-php-xmlhuawei-euleros-2_0_sp1-upgrade-php-xmlrpc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.