CVE-2011-2202
published 2011-06-16CVE-2011-2202: The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows…
PriorityP354medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EXPLOIT
EPSS
19.23%
97.0th percentile
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Affected
67 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | <= 5.3.6 | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vendor_ubuntu7.5HIGH
vendor_redhat6.4MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
PHP Vulnerabilities
vendor_ubuntu·2011-10-18·CVSS 7.5
CVE-2010-1914 [HIGH] PHP Vulnerabilities
Title: PHP Vulnerabilities
Summary: Several security issues were fixed in PHP.
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a
stack-based buffer overflow existed in the socket_connect function's
handling of long pathnames for AF_UNIX sockets. A remote attacker
might be able to exploit this to execute arbitrary code; however,
the default compiler options for affected releases should reduce
the vulnerability to a denial of service. This issue affected Ubuntu
10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938)
Krzysztof Kotowicz discovered that the PHP post handler function
does not properly restrict filenames in multipart/form-data POST
requests. This may allow remote attackers to conduct absolute
path traversal attacks and possibly create or overwrite arbitrar
Red Hat
php: file path injection vulnerability in RFC1867 file upload filename
vendor_redhat·2011-06-12·CVSS 6.4
CVE-2011-2202 [MEDIUM] php: file path injection vulnerability in RFC1867 file upload filename
php: file path injection vulnerability in RFC1867 file upload filename
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
GHSA
GHSA-6qfq-jp45-c2jc: The rfc1867_post_handler function in main/rfc1867
ghsa_unreviewed·2022-05-14
CVE-2011-2202 [MEDIUM] GHSA-6qfq-jp45-c2jc: The rfc1867_post_handler function in main/rfc1867
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
No detection rules found.
http://bugs.php.net/bug.php?id=54939http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://marc.info/?l=bugtraq&m=133469208622507&w=2http://openwall.com/lists/oss-security/2011/06/12/5http://openwall.com/lists/oss-security/2011/06/13/15http://pastebin.com/1edSuSVNhttp://rhn.redhat.com/errata/RHSA-2012-0071.htmlhttp://secunia.com/advisories/44874http://securitytracker.com/id?1025659http://support.apple.com/kb/HT5130http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103http://svn.php.net/viewvc?view=revision&revision=312103http://www.debian.org/security/2011/dsa-2266http://www.mandriva.com/security/advisories?name=MDVSA-2011:165http://www.php.net/ChangeLog-5.php#5.3.7http://www.php.net/archive/2011.php#id2011-08-18-1http://www.redhat.com/support/errata/RHSA-2011-1423.htmlhttp://www.securityfocus.com/bid/48259http://www.securityfocus.com/bid/49241https://exchange.xforce.ibmcloud.com/vulnerabilities/67999http://bugs.php.net/bug.php?id=54939http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlhttp://marc.info/?l=bugtraq&m=133469208622507&w=2http://openwall.com/lists/oss-security/2011/06/12/5http://openwall.com/lists/oss-security/2011/06/13/15http://pastebin.com/1edSuSVNhttp://rhn.redhat.com/errata/RHSA-2012-0071.htmlhttp://secunia.com/advisories/44874http://securitytracker.com/id?1025659http://support.apple.com/kb/HT5130http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/NEWS?view=markup&pathrev=312103http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/main/rfc1867.c?r1=312103&r2=312102&pathrev=312103http://svn.php.net/viewvc?view=revision&revision=312103http://www.debian.org/security/2011/dsa-2266http://www.mandriva.com/security/advisories?name=MDVSA-2011:165http://www.php.net/ChangeLog-5.php#5.3.7http://www.php.net/archive/2011.php#id2011-08-18-1http://www.redhat.com/support/errata/RHSA-2011-1423.htmlhttp://www.securityfocus.com/bid/48259http://www.securityfocus.com/bid/49241https://exchange.xforce.ibmcloud.com/vulnerabilities/67999
2011-06-16
Published