Directory Traversal Vulnerability in PHP via specially crafted requestsID: oval:org.secpod.oval:def:5831 | Date: (C)2012-05-24 (M)2023-12-07 |
Class: VULNERABILITY | Family: windows |
The host is installed with PHP before 5.4.0 and is prone to directory traversal vulnerability. A flaw is present in the application, which fails to properly handle invalid [ (open square bracket) characters in name values. Successful exploitation allows attackers to cause a denial of service or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Vista |
Microsoft Windows XP |
Microsoft Windows 8 |