WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3557)

Description

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

Remediation

References

Related Vulnerabilities

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3385)

WordPress Plugin WP Social Feed Gallery Unspecified Vulnerability (2.1.1)

Apache HTTP Server Other Vulnerability (CVE-2000-0505)

MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)

WordPress Plugin NextGEN Gallery-WordPress Gallery SQL Injection (2.1.77)

Severity

Medium

Classification

CVE-2009-3557 CWE-264

Tags

Missing Update Known Vulnerabilities