Description
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
Remediation
References
Related Vulnerabilities
MySQL CVE-2021-2012 Vulnerability (CVE-2021-2012)
WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability (3.0.1 - 3.0.2)
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-58281)
WordPress 4.7.x Cross-Domain Flash Injection Vulnerability (4.7 - 4.7.8)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2019-18838)