Description

This alert was generated using only banner information. It may be a false positive.

PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions which are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used for the vulnerable functions to cause arbitrary attacker-supplied instructions to be executed.

Affected PHP versions (up to 4.1.1).

Remediation

Upgrade PHP to the latest version.

References

BID 4183

PHP homepage

Related Vulnerabilities

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1198)

MySQL CVE-2016-9840 Vulnerability (CVE-2016-9840)

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

WordPress Plugin MasterStudy LMS-for Online Courses and Education Local File Inclusion (3.3.3)

Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2024-41991)

Severity

High

Classification

CVE-2002-0081 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow