Description

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

Remediation

References

CVE-2006-7243

Related Vulnerabilities

Joomla! Core 3.9.x Cross-Site Scripting (3.9.0 - 3.9.14)

Oracle Application Server CVE-2007-5516 Vulnerability (CVE-2007-5516)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)

Drupal Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-28949)

MySQL CVE-2020-14838 Vulnerability (CVE-2020-14838)

Severity

Medium

Classification

CVE-2006-7243 CWE-20

Tags

Missing Update Known Vulnerabilities