7.5
CVE-2010-1129
- EPSS 2.54%
- Veröffentlicht 26.03.2010 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:17:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.54% | 0.83 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.php.net/ChangeLog-5.php
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083
http://secunia.com/advisories/40551
http://www.vupen.com/english/advisories/2010/1796
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://support.apple.com/kb/HT4312
http://secunia.com/advisories/38708
http://www.php.net/releases/5_2_13.php
http://www.vupen.com/english/advisories/2010/0479
http://securitytracker.com/id?1023661
http://www.securityfocus.com/bid/38431