Description

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

Remediation

References

CVE-2019-9637

Related Vulnerabilities

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.2.2)

MediaWiki Improper Input Validation Vulnerability (CVE-2013-6453)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.136.3)

PHP Out-of-bounds Read Vulnerability (CVE-2018-20783)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)

Severity

High

Classification

CVE-2019-9637 CWE-264 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities