Download
| Alert*
|
oval:org.secpod.oval:def:76700
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file ... oval:org.secpod.oval:def:52201 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:44739 php7.1: HTML-embedded scripting language interpreter - php7.0: HTML-embedded scripting language interpreter - php5: HTML-embedded scripting language interpreter Several security issues were fixed in PHP. oval:org.secpod.oval:def:89043717 This update for php53 fixes several issues. These security issues were fixed: - CVE-2016-10712: In PHP all of the return values of stream_get_meta_data could be controlled if the input can be controlled . - CVE-2018-5712: Prevent reflected XSS on the PHAR 404 error page via the URI of a request for ... |
