logo
DATABASE RESOURCES PRICING ABOUT US

FreeBSD : php -- NULL byte poisoning (3761df02-0f9c-11e0-becc-0022156e8794)

Description

PHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR : Poison NULL byte vulnerability for perl CGI applications was described in [1]. ShAnKaR noted, that same vulnerability also affects different PHP applications. PHP developers report that branch 5.3 received a fix : Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).


Related