CVE-2011-2202
CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Productos afectados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/35855no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://bugs.php.net/bug.php?id=54939http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://marc.info/?l=bugtraq&m=133469208622507&w=2http://openwall.com/lists/oss-security/2011/06/12/5http://openwall.com/lists/oss-security/2011/06/13/15http://pastebin.com/1edSuSVNhttp://rhn.redhat.com/errata/RHSA-2012-0071.htmlhttp://secunia.com/advisories/44874http://securitytracker.com/id?1025659https://exchange.xforce.ibmcloud.com/vulnerabilities/67999http://support.apple.com/kb/HT5130http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103