Description
PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordLift-AI powered SEO-Schema Cross-Site Scripting (3.37.1)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.15)
WordPress Plugin Time Sheets Multiple Cross-Site Scripting Vulnerabilities (1.5.1)
Internet Information Services Other Vulnerability (CVE-2002-0071)
WordPress Plugin Essential Addons for Elementor Server-Side Request Forgery (2.9.8)