CVE-2011-0754

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.4

Description The issue is related to the SplFileInfo::getType function in the Standard PHP Library (SPL) extension, which does not properly detect symbolic links on Windows. This might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, due to the lack of a FILE ATTRIBUTE REPARSE POINT check.

Recommendations For PHP versions prior to 5.3.4, update to version 5.3.4 or later to resolve the issue.