Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24750
HistoryApr 10, 2020 - 1:03 a.m.

Arbitrary File Overwrite

2020-04-1001:03:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11

EPSS

0.055

Percentile

93.2%

php is vulnerable to arbitrary file overwrite. The vulnerability exists as an off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially-crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the β€œapache” user, preventing it from writing to the root directory.

References