WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Input Validation Vulnerability (CVE-2006-7243)

Description

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

Remediation

References

Related Vulnerabilities

WordPress Plugin Appointments Scheduler Cross-Site Scripting (1.5)

MySQL CVE-2018-3162 Vulnerability (CVE-2018-3162)

Oracle Database Server CVE-2011-2232 Vulnerability (CVE-2011-2232)

WordPress Plugin My Calendar Cross-Site Scripting (3.1.9)

WordPress Plugin Keyword Strategy Internal Links Multiple Cross-Site Scripting Vulnerabilities (2.0)

Severity

Medium

Classification

CVE-2006-7243 CWE-20

Tags

Missing Update Known Vulnerabilities