4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
14.6%
The SplFileInfo::getType function in the Standard PHP Library (SPL)
extension in PHP before 5.3.4 on Windows does not properly detect symbolic
links, which might make it easier for local users to conduct symlink
attacks by leveraging cross-platform differences in the stat structure,
related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.