Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2019-1260 Vulnerability (CVE-2019-1260)
WordPress Plugin Count per Day Cross-Site Request Forgery (3.2.5)
WordPress Plugin Thrive Dashboard Security Bypass (2.3.9.2)
Oracle Database Server CVE-2011-0832 Vulnerability (CVE-2011-0832)
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)