PHP Directory Traversal Vulnerability Network Vulnerability

Summary

PHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can use specially crafted requests with directory- traversal sequences ('../') to retrieve, corrupt or upload arbitrary files in the context of the application. Exploiting this issue may allow an attacker to retrieve, corrupt or upload arbitrary files at arbitrary locations that could aid in further attacks.

Solution

Updates are available. Please see the references for more information.

References

http://www.php.net/
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.securityfocus.com/bid/53403
https://bugzilla.redhat.com/show_bug.cgi?id=799187

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1172

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apple Safari 'javascript: URI' XSS Vulnerability - Sep09
Adobe Flash Media Server Video Stream Capture Security Issue
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Take action and discover your vulnerabilities