Lucene search
Ubuntu.comUB:CVE-2006-7243HistoryJan 18, 2011 - 12:00 a.m.
CVE-2006-7243
2011-01-1800:00:00
ubuntu.com
ubuntu.com
26
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.7%
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by
placing a safe file extension after this character, as demonstrated by
.php\0.jpg at the end of the argument to the file_exists function.
Bugs
Notes
| Author | Note |
|---|---|
| sbeattie | upstream only prepared a fix for the 5.3 tree. Backporting the fix to 5.2.x requires modifying php APIs. |
Related
nessus
nessus
FreeBSD : php -- NULL byte poisoning (3761df02-0f9c-11e0-becc-0022156e8794)
2011-01-13 00:00:00
Scientific Linux Security Update : php on SL5.x i386/x86_64 (20140318)
2014-03-20 00:00:00
Oracle Linux 5 : php (ELSA-2014-0311)
2014-03-19 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:51:41
openvas
openvas
FreeBSD Ports: php5
2011-01-24 00:00:00
FreeBSD Ports: php5
2011-01-24 00:00:00
RedHat Update for php RHSA-2014:0311-01
2014-03-20 00:00:00
cve
cve
seebug
seebug
PHP空字符安全限制绕过漏洞(CVE-2006-7243)
2012-04-12 00:00:00
freebsd
freebsd
php -- NULL byte poisoning
2010-12-10 00:00:00
php -- multiple vulnerabilities
2015-05-14 00:00:00
prion
prion
Design/Logic Flaw
2015-06-09 18:59:00
Code injection
2015-06-09 18:59:00
Information disclosure
2015-03-30 10:59:00
redhat
redhat
(RHSA-2014:0311) Critical: php security update
2014-03-18 00:00:00
(RHSA-2013:1615) Moderate: php security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1307) Moderate: php53 security, bug fix and enhancement update
2013-09-30 16:52:28
ubuntucve
ubuntucve
oraclelinux
oraclelinux
php security update
2014-03-18 00:00:00
php security, bug fix, and enhancement update
2013-11-25 00:00:00
php53 security, bug fix and enhancement update
2013-10-02 00:00:00
thn
thn
Seagate NAS Zero-Day Vulnerability allows Unauthorized Root Access Remotely
2015-03-01 00:50:00
redhatcve
redhatcve
CVE-2019-11044
2020-03-28 20:00:41
centos
centos
php security update
2014-03-19 01:15:26
php security update
2013-11-26 13:32:36
php53 security update
2013-10-07 12:42:03
osv
osv
php5 - security update
2016-02-29 00:00:00
php5 - security update
2015-09-07 00:00:00
f5
f5
SOL16993 - PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K16993 : PHP vulnerabilities CVE-2015-4025 and CVE-2015-4026
2015-07-22 00:00:00
K13519 : Multiple PHP vulnerabilities
2013-09-20 00:00:00
debian
debian
[SECURITY] [DLA 444-1] php5 security update
2016-02-29 18:41:39
[SECURITY] [DLA 307-1] php5 security update
2015-09-07 20:21:46
fedora
fedora
[SECURITY] Fedora 22 Update: php-5.6.9-1.fc22
2015-05-26 03:40:42
[SECURITY] Fedora 21 Update: php-5.6.9-1.fc21
2015-05-27 16:13:20
[SECURITY] Fedora 20 Update: php-5.5.25-1.fc20
2015-05-27 16:23:41
openwrt
openwrt
php: Security update (7 CVEs)
2016-01-28 12:23:45
slackware
slackware
[slackware-security] php
2015-06-11 23:01:25
securityvulns
securityvulns
[USN-1126-1] PHP vulnerabilities
2011-05-01 00:00:00
PHP multiple security vulnerabilities
2011-05-01 00:00:00
Apple Mac OS X multiple security vulnerabilities
2011-03-23 00:00:00
ubuntu
ubuntu
PHP Regressions
2011-05-05 00:00:00
PHP vulnerabilities
2011-04-29 00:00:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2011-10-10 00:00:00
cloudlinux
cloudlinux
Fix of 227 CVE
2020-10-15 12:00:00
suse
suse
Security update for php53 (important)
2016-06-21 13:08:17
rosalinux
rosalinux
Advisory ROSA-SA-2021-1950
2021-07-02 17:57:45
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.7%
Related for UB:CVE-2006-7243