CVE-2011-2202
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/35855 (unverified)
⚠ Public resources, for you to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.php.net/bug.php?id=54939
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://marc.info/?l=bugtraq&m=133469208622507&w=2
http://openwall.com/lists/oss-security/2011/06/12/5
http://openwall.com/lists/oss-security/2011/06/13/15
http://pastebin.com/1edSuSVN
http://rhn.redhat.com/errata/RHSA-2012-0071.html
http://secunia.com/advisories/44874
http://securitytracker.com/id?1025659
https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
http://support.apple.com/kb/HT5130
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103