Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Out-of-bounds Read Vulnerability (CVE-2017-11147)

Description

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in ext/phar/phar.c.

Remediation

References

Related Vulnerabilities

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000194)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-35625)

WordPress Plugin Backup and Staging by WP Time Capsule Security Bypass (1.21.15)

WordPress Plugin File Groups 'fgid' Parameter SQL Injection (1.1.2)

Severity

Critical

Classification

CVE-2017-11147 CWE-125 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities