PHP POST file upload buffer overflow vulnerabilities

Description

This alert was generated using only banner information. It may be a false positive.

PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions which are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used for the vulnerable functions to cause arbitrary attacker-supplied instructions to be executed.

Affected PHP versions (up to 4.1.1).

Remediation

Upgrade PHP to the latest version.

References
Severity
Classification
Tags
  • Missing Update