Description

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

Remediation

References

CVE-2006-7243

Related Vulnerabilities

Oracle Database Server CVE-2012-0512 Vulnerability (CVE-2012-0512)

WordPress Plugin Classified Listing Store & Membership Cross-Site Scripting (1.4.19)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-21967)

Django Uncontrolled Recursion Vulnerability (CVE-2019-14235)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)

Severity

Medium

Classification

CVE-2006-7243 CWE-20

Tags

Missing Update Known Vulnerabilities