Habte Dot Yibelo At Gmail Dot Com

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.39 PHP versions 5.5.x prior to 5.5.23 PHP versions 5.6.x prior to 5.6.7 **Description** The issue is related to the move uploaded file implementation in PHP, which truncates a pathname when encountering a `x00` character. This allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. The problem exists due to an incomplete fix for a previous issue. **Recommendations** For PHP versions prior to 5.4.39, update to version 5.4.39 or later. For PHP versions 5.5.x prior to 5.5.23, update to version 5.5.23 or later. For PHP versions 5.6.x prior to 5.6.7, update to version 5.6.7 or later.