7.5

CVE-2010-1129

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version5.2.0
PhpPhp Version5.2.1
PhpPhp Version5.2.2
PhpPhp Version5.2.3
PhpPhp Version5.2.4
PhpPhp Version5.2.5
PhpPhp Version5.2.6
PhpPhp Version5.2.7
PhpPhp Version5.2.8
PhpPhp Version5.2.9
PhpPhp Version5.2.10
PhpPhp Version5.2.11
PhpPhp Version5.2.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.54% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.php.net/ChangeLog-5.php
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://secunia.com/advisories/40551
http://www.vupen.com/english/advisories/2010/1796
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://support.apple.com/kb/HT4312
http://secunia.com/advisories/38708
Vendor Advisory
http://www.php.net/releases/5_2_13.php
Patch
http://www.vupen.com/english/advisories/2010/0479
Vendor Advisory
http://securitytracker.com/id?1023661
http://www.securityfocus.com/bid/38431