Description

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

Remediation

References

CVE-2011-1487

Related Vulnerabilities

WordPress 'admin-ajax.php' SQL Injection Vulnerability (2.1.3)

TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099)

WordPress Plugin Contact Form 7 Captcha Cross-Site Request Forgery (0.0.8)

PHP Numeric Errors Vulnerability (CVE-2008-4107)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16893)

Severity

Medium

Classification

CVE-2011-1487 CWE-264

Tags

Missing Update Known Vulnerabilities