Description
PHP does not perform proper bounds checking in functions related to form-based file uploads in HTML (RFC 1867). Specifically, the problem occurs in the functions used to decode MIME-encoded files. As a result, it may be possible to overrun the buffer used by the vulnerable functions and cause arbitrary attacker-supplied instructions to be executed.
Affected PHP versions: up to 4.1.1.
Remediation
Upgrade PHP to the latest version.
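To find hosts that still need the upgrade, the following added example (not part of the original advisory or of PHP) classifies PHP version banners against the affected range stated above. The host names, banners and function names are constructed for illustration, and "up to 4.1.1" is assumed to be inclusive.

```python
import re

# Last affected release per the advisory ("up to 4.1.1"); inclusive is an assumption.
LAST_AFFECTED = (4, 1, 1)

# Matches "PHP/4.0.6", "PHP 4.3.0 (cli)", "PHP/4.0.3pl1" and patch-less "PHP/4.1".
_VERSION_RE = re.compile(r"PHP[/ ](\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_php_version(banner):
    """Return (major, minor, patch) from a banner; patch is None if absent."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch) if patch is not None else None)


def classify(banner):
    """Classify one banner as 'affected', 'not-affected' or 'unknown'."""
    version = parse_php_version(banner)
    if version is None:
        return "unknown"  # banner hidden or stripped: check the host directly
    major, minor, patch = version
    if (major, minor) != LAST_AFFECTED[:2]:
        return "affected" if (major, minor) < LAST_AFFECTED[:2] else "not-affected"
    if patch is None:
        return "unknown"  # "4.1" alone could be 4.1.1 or a later 4.1.x
    return "affected" if patch <= LAST_AFFECTED[2] else "not-affected"


def audit(inventory):
    """Map each host to (status, banner) for a {host: banner} inventory."""
    return {host: (classify(b), b) for host, b in inventory.items()}


# Constructed sample inventory (hosts and banners are made up).
SAMPLE = {
    "web01.example": "X-Powered-By: PHP/4.0.6",
    "web02.example": "X-Powered-By: PHP/4.1.1",
    "web03.example": "PHP 4.3.0 (cli) (built: Jan  1 2003)",
    "web04.example": "Server: Apache/1.3.20 (Unix) PHP/4.0.3pl1",
    "web05.example": "Server: Apache",
}

if __name__ == "__main__":
    for host, (status, banner) in sorted(audit(SAMPLE).items()):
        print(f"{host:15} {status:13} {banner}")
```

A banner match is only an indicator: vendor builds with backported fixes can keep an old version number, and hosts reported as "unknown" need the installed version confirmed directly.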