Description

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Remediation

References

CVE-2012-0057

Related Vulnerabilities

MySQL CVE-2017-3312 Vulnerability (CVE-2017-3312)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4940)

PostgreSQL CVE-2023-39418 Vulnerability (CVE-2023-39418)

WordPress Plugin Migration, Backup, Staging-WPvivid SQL Injection (0.9.52)

WordPress Plugin DSGVO All in one for WP Cross-Site Scripting (3.9)

Severity

Medium

Classification

CVE-2012-0057 CWE-264

Tags

Missing Update Known Vulnerabilities