Description

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."

Remediation

References

CVE-2011-2202

Related Vulnerabilities

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5553)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5731)

WordPress Plugin InLinks SQL Injection (1.0)

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5511)

WordPress Plugin SS Quiz Cross-Site Request Forgery and Access Security Bypass Vulnerabilities (1.11)

Severity

Medium

Classification

CVE-2011-2202 CWE-264

Tags

Missing Update Known Vulnerabilities