Description

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

Remediation

References

CVE-2009-3557

Related Vulnerabilities

WordPress Plugin Twitter LiveBlog Cross-Site Request Forgery (1.1.2)

WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.14)

WordPress Plugin uContext for Amazon Cross-Site Request Forgery (3.9.1)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-4027)

WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel Cross-Site Request Forgery (1.3.1)

Severity

Medium

Classification

CVE-2009-3557 CWE-264

Tags

Missing Update Known Vulnerabilities