Description

This alert was generated using only banner information. It may be a false positive.

PHP does not perform proper bounds checking on in functions related to Form-based File Uploads in HTML (RFC1867). Specifically, this problem occurs in the functions which are used to decode MIME encoded files. As a result, it may be possible to overrun the buffer used for the vulnerable functions to cause arbitrary attacker-supplied instructions to be executed.

Affected PHP versions (up to 4.1.1).

Remediation

Upgrade PHP to the latest version.

References

BID 4183

PHP homepage

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26079)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)

WordPress Plugin ImageMagick Engine Cross-Site Request Forgery (1.7.4)

WordPress Plugin WhyDoWork AdSense Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.2)

MediaWiki Incorrect Authorization Vulnerability (CVE-2023-22945)

Severity

High

Classification

CVE-2002-0081 CWE-119 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Buffer Overflow