Description
PHP does not perform proper bounds checking in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, the problem occurs in the functions used to decode MIME-encoded files. As a result, it may be possible to overrun the buffer used by the vulnerable functions and cause arbitrary attacker-supplied instructions to be executed.
Affected PHP versions: up to 4.1.1.
Remediation
Upgrade PHP to the latest version.