Description

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.

Remediation

References

CVE-2009-3557

Related Vulnerabilities

WordPress Plugin Simple Ads Manager Arbitrary File Upload (2.5.94)

WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)

WordPress Plugin Admin side data storage for Contact Form 7 Cross-Site Scripting (1.1.1)

WordPress Plugin Advanced Access Manager Cross-Site Scripting (6.7.9)

WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)

Severity

Medium

Classification

CVE-2009-3557 CWE-264

Tags

Missing Update Known Vulnerabilities