Description
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
Remediation
References
Related Vulnerabilities
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20405)
XWikiplatform CVE-2025-32972 Vulnerability (CVE-2025-32972)
WordPress Plugin Duplicator-WordPress Migration Unspecified Vulnerability (1.1.34)
MySQL CVE-2013-5807 Vulnerability (CVE-2013-5807)
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-38268)