PHP Directory Traversal Vulnerability Network Vulnerability

Summary

PHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to retrieve, corrupt or upload arbitrary files in the context of the application. Exploiting this issue may allow an attacker to retrieve, corrupt or upload arbitrary files at arbitrary locations that could aid in further attacks.

Solution

Updates are available. Please see the references for more information.

References

http://www.php.net/
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.securityfocus.com/bid/53403
https://bugzilla.redhat.com/show_bug.cgi?id=799187

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1172

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Linux)
Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
Adobe Reader Multiple Unspecified Vulnerabilities Jun06 (Mac OS X)

Take action and discover your vulnerabilities