CVE-2010-1129

2010-03-26T16:30:00
ID CVE-2010-1129
Type cve
Reporter NVD
Modified 2010-08-31T01:42:58

Description

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.