CVE-2006-7243

2011-01-18T15:00:10
ID CVE-2006-7243
Type cve
Reporter NVD
Modified 2017-10-10T21:31:31

Description

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.