Computer Security
[EN] securityvulns.ru no-pyccku


PHP directory traversal
Published:06.07.2011
Source:
SecurityVulns ID:11763
Type:library
Threat Level:
7/10
Description:Directory traversal in RFC 1867 files upload.
Affected:PHP : PHP 5.3
CVE:CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability.")

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod