CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
93.2%
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7
does not properly restrict filenames in multipart/form-data POST requests,
which allows remote attackers to conduct absolute path traversal attacks,
and possibly create or overwrite arbitrary files, via a crafted upload
request, related to a “file path injection vulnerability.”
Author | Note |
---|---|
mdeslaur | PoC: http://pastebin.com/1edSuSVN |