Description
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
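An added illustration, not part of this advisory: a PHP extension check of the shape the description implies, beside a hardened version; the function names, base directory and file names are assumptions.

```php
<?php
// Vulnerable pattern: only the tail of the user string is checked, then the
// whole string (including an embedded "\0") reaches file_exists(). PHP before
// 5.3.4 passed it to the C library as a NUL-terminated string, so the
// filesystem call saw only "upload.php" while the check saw ".jpg".
function isImageNaive(string $userPath): bool
{
    if (substr($userPath, -4) !== '.jpg') {
        return false;
    }
    return file_exists($userPath);   // pre-5.3.4: path truncated at "\0"
}

// Hardened: reject NUL bytes outright, canonicalise, then allow-list both the
// directory and the extension of the real path that will actually be opened.
function isImageSafe(string $userPath, string $baseDir): bool
{
    if (strpos($userPath, "\0") !== false) {
        return false;                // an embedded NUL is never legitimate input
    }
    $real = realpath($baseDir . '/' . basename($userPath));
    if ($real === false) {
        return false;                // missing file or unresolvable path
    }
    // Must remain inside the intended directory (blocks ../ traversal too).
    if (strpos($real, realpath($baseDir) . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    return in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true);
}

// Constructed input of the form the advisory describes (hypothetical file name).
$tainted = "upload.php\0.jpg";

try {
    // On PHP < 5.3.4 this is true whenever upload.php exists; PHP 5.3.4-7.x
    // returns false with a warning; PHP 8 throws ValueError on the NUL byte.
    var_dump(isImageNaive($tainted));
} catch (\ValueError $e) {
    echo "file_exists() rejected the NUL byte: ", $e->getMessage(), "\n";
}

// The hardened check refuses the input before any filesystem call is made.
var_dump(isImageSafe($tainted, '/var/www/images'));   // bool(false)
```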
Remediation
References