PHP PHP 5.6. x
PHP PHP 5.5. x
PHP PHP 5.4.39
CVE(CAN) ID: CVE-2 0 1 5-2 3 4 8
PHP is a General-purpose open source scripting language.
PHP 5.4.39, and 5.5. x, 5.6. x version of ext/standard/basic_functions. c, move_uploaded_file encountered\x00 characters will truncate the path name, in the realization on the presence of security vulnerabilities, by configuration parameters, a remote attacker could bypass the target extension limit to the illegal name of the created file.
Recommendation: vendor patch:
The current vendors have released an upgrade patch to fix this security issue, please go to the manufacturers home page download: