PT-2014-1420 · PHP+2

Published: 2014-08-23 · Updated: 2024-06-15 · CVE-2014-5120

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions
PHP versions 5.4.x through 5.4.31
PHP versions 5.5.x through 5.5.15

Description
The GD component of PHP does not reject %00 sequences in pathnames. This allows remote attackers to overwrite arbitrary files by providing crafted input to applications that call certain functions, including imagegd, imagegd2, imagegif, imagejpeg, imagepng, imagewbmp, and imagewebp.

Recommendations
For PHP versions 5.4.x through 5.4.31, update to version 5.4.32 or later.
For PHP versions 5.5.x through 5.5.15, update to version 5.5.16 or later.

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2015-00375
CESA-2014_1327
CVE-2014-5120
MGASA-2014-0367
OPENSUSE-SU-2024:10290-1
OPENSUSE-SU-2024:10344-1
RHSA-2014:1327
RHSA-2014:1765
RHSA-2014:1766
RHSA-2014_1327

Affected products

CentOS
PHP
Red Hat