Description

PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI module, allows remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension, as demonstrated using foo..php.

Remediation

References

CVE-2008-3660

Related Vulnerabilities

WordPress Plugin Velvet Blues Update URLs Unspecified Vulnerability (2.1)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9402)

WordPress Plugin PollDeep Arbitrary File Upload (1.2)

WordPress Plugin Analytics Tracker Cross-Site Scripting (1.1.0)

Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2019-8158)

Severity

Medium

Classification

CVE-2008-3660 CWE-20

Tags

Missing Update Known Vulnerabilities