PT-2012-1228 · Php+4

Neal Poole · Published 2012-05-08 · Updated 2018-01-18 · CVE-2012-1172

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.4.0

Description

The issue arises from insufficient input validation in the file-upload implementation, making it easier for remote attackers to cause a denial of service or conduct directory traversal attacks during multi-file uploads. This can be achieved by leveraging a script that lacks its own filename restrictions, particularly by exploiting the improper handling of invalid [ (open square bracket) characters in name values.

Recommendations

For PHP versions prior to 5.4.0, update to version 5.4.0 or later to resolve the issue. As a temporary workaround, consider implementing additional filename restrictions in scripts to minimize the risk of exploitation.
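
One way to apply the temporary workaround in an upload handler, as an added example that is not from this advisory or from the PHP project; the function names, the allowed extensions, and the sample data are assumptions constructed for illustration. It treats every name value of a multi-file field as untrusted, rejects anything outside a strict whitelist instead of repairing it, and uses array() syntax so that it runs on the pre-5.4.0 versions the workaround is meant for.

```php
<?php
// Added example: helper names and the extension list are hypothetical.

// Return the name unchanged if it is a plain, whitelisted file name, else null.
function safe_upload_name($name, $allowedExt = array('jpg', 'png', 'pdf'))
{
    // A malformed upload structure can hold an array where a string is expected.
    if (!is_string($name) || strlen($name) > 255) {
        return null;
    }
    // Whitelist: no separators, no '[' or ']', no NUL, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $name)) {
        return null;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowedExt, true) ? $name : null;
}

// Map tmp_name => destination path for the entries of one multi-file field
// (e.g. name="docs[]") that pass every check; everything else is dropped.
function collect_uploads($field, $destDir)
{
    $accepted = array();
    foreach (array('name', 'tmp_name', 'error') as $key) {
        if (!isset($field[$key]) || !is_array($field[$key])) {
            return $accepted; // not the parallel-array shape we expect
        }
    }
    foreach ($field['name'] as $i => $name) {
        if (!is_int($i) || !isset($field['tmp_name'][$i], $field['error'][$i])) {
            continue; // unexpected index or missing sibling entry
        }
        if ($field['error'][$i] !== UPLOAD_ERR_OK || !is_string($field['tmp_name'][$i])) {
            continue;
        }
        $safe = safe_upload_name($name);
        if ($safe !== null) {
            $accepted[$field['tmp_name'][$i]] = rtrim($destDir, '/') . '/' . $safe;
        }
    }
    return $accepted;
}

// Constructed sample shaped like one $_FILES field; only report.pdf should pass.
$sample = array(
    'name'     => array('report.pdf', '../../var/www/x.php', 'a[b.pdf', array('x')),
    'tmp_name' => array('/tmp/phpA1', '/tmp/phpB2', '/tmp/phpC3', '/tmp/phpD4'),
    'error'    => array(0, 0, 0, 0),
);
print_r(collect_uploads($sample, '/srv/uploads'));
```

In a real handler, confirm each temporary file with is_uploaded_file() and store it with move_uploaded_file() using the destination path returned here.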

Exploit · Fix · DoS · RCE

Weakness Enumeration

Related Identifiers

BDU:2022-02630
CESA-2012_1046
CVE-2012-1172
DSA-2465-1
HPSBUX02791
RHSA-2012:1045
RHSA-2012:1046
RHSA-2012:1047
RHSA-2012_1045
RHSA-2012_1046
RHSA-2012_1047
SUSE-SU-2012_0598-1
SUSE-SU-2012_0598-2
SUSE-SU-2012_0604-1

Affected Products

CentOS
HP-UX
PHP
Red Hat
SUSE