Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
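The affected ranges above, applied to version strings collected from an asset inventory. This is an added example, not part of the original advisory; the sample strings are constructed, and the "check-backport" outcome rests on the assumption that a distro-packaged build may carry the fix without changing the upstream version number.

```python
import re

# Fixed releases as stated in the advisory: every release before 5.2.12 is
# affected, and on the 5.3 branch every release before 5.3.1.
FIXED_52 = (5, 2, 12)
FIXED_53 = (5, 3, 1)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(\S*)")
# Prefer the PHP token in a server banner that also names other software.
_BANNER_RE = re.compile(r"PHP/" + _VERSION_RE.pattern)


def parse_php_version(raw):
    """Return ((major, minor, patch), suffix), or None if no version is found."""
    m = _BANNER_RE.search(raw) or _VERSION_RE.search(raw)
    if not m:
        return None
    return tuple(int(g) for g in m.groups()[:3]), m.group(4)


def classify(raw):
    """Return "affected", "not-affected", "check-backport" or "unknown"."""
    parsed = parse_php_version(raw)
    if parsed is None:
        return "unknown"
    version, suffix = parsed
    fixed = FIXED_53 if version[:2] == (5, 3) else FIXED_52
    if version >= fixed:
        return "not-affected"
    # Assumption: a packaging suffix (e.g. "-1+lenny16") means the vendor may
    # have backported the fix; confirm in the package changelog.
    if suffix.startswith(("-", "+", "~")):
        return "check-backport"
    return "affected"


# Constructed sample inventory (not taken from the advisory).
SAMPLES = ["5.2.11", "5.2.12", "PHP/5.3.0", "5.3.1",
           "5.2.6-1+lenny16", "Apache/2.2.14 PHP/5.2.11", "n/a"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:28} {classify(s)}")
```

A match on the version number is only a flag for follow-up: whether the posix extension is loaded and whether open_basedir is relied on as a restriction still has to be checked on the host.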
Remediation
References