Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)

Description

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.

Remediation

References

Related Vulnerabilities

WordPress Plugin MegaOptim Image Optimizer Unspecified Vulnerability (1.3.2)

Oracle JRE CVE-2014-2402 Vulnerability (CVE-2014-2402)

WordPress Plugin Quick Paypal Payments Security Bypass (5.7.21)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31545)

WordPress Plugin Advanced Access Manager Cross-Site Scripting (6.7.9)

Severity

High

Classification

CVE-2018-15132 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities