Lucene search

K
prionPRIOn knowledge basePRION:CVE-2011-2202
HistoryJun 16, 2011 - 11:55 p.m.

Path traversal

2011-06-1623:55:00
PRIOn knowledge base
www.prio-n.com
4

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.055 Low

EPSS

Percentile

93.0%

The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a β€œfile path injection vulnerability.”

Rows per page:
1-10 of 721

References

7.5 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.055 Low

EPSS

Percentile

93.0%