Description
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.