Description
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)
osTicket Session Fixation Vulnerability (CVE-2022-31888)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-46148)
WordPress Plugin WooCommerce Salesforce Integration Cross-Site Scripting (1.5.8)