PT-2015-1036 · Php+4 · Php+4

Habte Dot Yibelo At Gmail Dot Com

·

Publicado

2015-03-19

·

Atualizado

2018-10-30

·

CVE-2015-2348

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.4.39 PHP versions 5.5.x prior to 5.5.23 PHP versions 5.6.x prior to 5.6.7
Description The issue is related to the move uploaded file implementation in PHP, which truncates a pathname when encountering a x00 character. This allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. The problem exists due to an incomplete fix for a previous issue.
Recommendations For PHP versions prior to 5.4.39, update to version 5.4.39 or later. For PHP versions 5.5.x prior to 5.5.23, update to version 5.5.23 or later. For PHP versions 5.6.x prior to 5.6.7, update to version 5.6.7 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2015-09878
CESA-2015_1135
CVE-2015-2348
DLA-444-1
DSA-3198-1
RHSA-2015:1053
RHSA-2015:1066
RHSA-2015:1135
RHSA-2015_1135
SUSE-SU-2015:0868-1
USN-2572-1

Produtos afetados

Centos
Php
Red Hat
Suse
Ubuntu