Description
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
Remediation
References