A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths.

References

bugzilla.redhat.com/show_bug.cgi?id=1789069

nvd.nist.gov/vuln/detail/CVE-2019-11044

www.cve.org/CVERecord?id=CVE-2019-11044

ubuntucve 5

nessus 61

veracode 1

openvas 48

cve 5

seebug 1

freebsd 2

symantec 1

hackerone 1

debiancve 1

prion 4

oraclelinux 3

redhat 3

thn 1

centos 3

osv 2

f5 4

debian 2

ibm 1

fedora 5

amazon 3

openwrt 1

slackware 1

securityvulns 5

ubuntu 2

gentoo 1

cloudlinux 1

suse 1

rosalinux 1

ubuntucve

CVE-2006-7243

2011-01-18 00:00:00

CVE-2019-11044

2019-12-23 00:00:00

CVE-2015-4025

2015-06-09 00:00:00

nessus

FreeBSD : php -- NULL byte poisoning (3761df02-0f9c-11e0-becc-0022156e8794)

2011-01-13 00:00:00

Scientific Linux Security Update : php on SL5.x i386/x86_64 (20140318)

2014-03-20 00:00:00

Oracle Linux 5 : php (ELSA-2014-0311)

2014-03-19 00:00:00

veracode

Authorization Bypass

2019-01-15 08:51:41

openvas

FreeBSD Ports: php5

2011-01-24 00:00:00

FreeBSD Ports: php5

2011-01-24 00:00:00

RedHat Update for php RHSA-2014:0311-01

2014-03-20 00:00:00

cve

CVE-2006-7243

2011-01-18 20:00:00

CVE-2019-11044

2019-12-23 03:15:00

CVE-2015-4026

2015-06-09 18:59:00

seebug

PHP空字符安全限制绕过漏洞(CVE-2006-7243)

2012-04-12 00:00:00

freebsd

php -- NULL byte poisoning

2010-12-10 00:00:00

php -- multiple vulnerabilities

2015-05-14 00:00:00

symantec

PHP CVE-2019-11044 Multiple Unspecified Security Vulnerabilities

2019-12-16 00:00:00

hackerone

Internet Bug Bounty: PHP link() silently truncates after a null byte on Windows

2020-02-26 05:04:15

debiancve

CVE-2019-11044

2019-12-23 03:15:00

prion

Design/Logic Flaw

2019-12-23 03:15:00

Design/Logic Flaw

2015-06-09 18:59:00

Code injection

2015-06-09 18:59:00

oraclelinux

php security update

2014-03-18 00:00:00

php security, bug fix, and enhancement update

2013-11-25 00:00:00

php53 security, bug fix and enhancement update

2013-10-02 00:00:00

redhat

(RHSA-2014:0311) Critical: php security update

2014-03-18 00:00:00

(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update

2013-11-21 00:00:00

(RHSA-2013:1307) Moderate: php53 security, bug fix and enhancement update

2013-09-30 16:52:28

thn

Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely

2015-03-01 00:50:00

centos

php security update

2014-03-19 01:15:26

php security update

2013-11-26 13:32:36

php53 security update

2013-10-07 12:42:03

osv

php5 - security update

2016-02-29 00:00:00

php5 - security update

2015-09-07 00:00:00

K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026

2015-07-22 00:00:00

SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026

2015-07-22 00:00:00

SOL13519 - Multiple PHP vulnerabilities

2012-04-04 00:00:00

debian

[SECURITY] [DLA 444-1] php5 security update

2016-02-29 18:41:39

[SECURITY] [DLA 307-1] php5 security update

2015-09-07 20:21:46

ibm

Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in PHP (CVE-2019-11045, CVE-2019-11044, CVE-2019-11046)

2020-05-11 17:22:11

fedora

[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22

2015-05-26 03:40:42

[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21

2015-05-27 16:13:20

[SECURITY] Fedora 31 Update: php-7.3.13-1.fc31

2020-01-05 00:42:40

amazon

Medium: php72, php73

2020-02-04 22:42:00

Important: php73

2024-02-01 19:33:00

Important: php72

2024-02-14 20:03:00

openwrt

php: Security update (7 CVEs)

2016-01-28 12:23:45

slackware

[slackware-security] php

2015-06-11 23:01:25

securityvulns

[USN-1126-1] PHP vulnerabilities

2011-05-01 00:00:00

PHP multiple security vulnerabilities

2011-05-01 00:00:00

Apple Mac OS X multiple security vulnerabilities

2011-03-23 00:00:00

ubuntu

PHP vulnerabilities

2011-04-29 00:00:00

PHP Regressions

2011-05-05 00:00:00

gentoo

PHP: Multiple vulnerabilities

2011-10-10 00:00:00

cloudlinux

Fix of 227 CVE

2020-10-15 12:00:00

suse

Security update for php53 (important)

2016-06-21 13:08:17

rosalinux

Advisory ROSA-SA-2021-1950

2021-07-02 17:57:45

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

JSON

Related for RH:CVE-2019-11044