PHP Multiple Vulnerabilities -01 March13 (Windows) Network Vulnerability

Summary

This host is running PHP and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attackers to retrieve, corrupt or upload arbitrary files, or can cause denial of service via corrupted $_FILES indexes. Impact Level: Application

Solution

Upgrade to PHP 5.4.0 or later For updates refer to http://www.php.net/downloads.php

Insight

Flaw due to insufficient validation of file-upload implementation in rfc1867.c and it does not handle invalid '[' characters in name values.

Affected

PHP version before 5.4.0

References

http://cxsecurity.com/cveshow/CVE-2012-1172
http://secunia.com/advisories/cve_reference/CVE-2012-1172
http://www.php.net/ChangeLog-5.php

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-1172

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
Adobe ColdFusion HTTP Response Splitting Vulnerability

Take action and discover your vulnerabilities