7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.048 Low
EPSS
Percentile
92.5%
Secunia reports:
Some vulnerabilities have been reported in PHP, where some have an
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
An input validation error exists within the
“ZipArchive::extractTo()” function when extracting ZIP archives.
This can be exploited to extract files to arbitrary locations
outside the specified directory via directory traversal sequences in
a specially crafted ZIP archive.
An error in the included PCRE library can be exploited to cause a
buffer overflow.
The problem is that the “BG(page_uid)” and “BG(page_gid)” variables
are not initialized. No further information is currently
available.
The problem is that the “php_value” order is incorrect for Apache
configurations. No further information is currently available.
An error in the GD library can be exploited to cause a crash via a
specially crafted font file.