CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.
Date published : 2011-01-18
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
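
The mismatch behind this entry, as an added example that is not part of the original record or of PHP itself: a check that reads the extension from the whole PHP string sees a safe suffix, while a NUL-terminated consumer sees only the part before the NUL byte. The function names, the extension allowlist and the sample file names are hypothetical and constructed for illustration; the code avoids newer syntax so it also runs on old PHP 5.3 installations.

```php
<?php
// Added illustration; function names and the allowlist are hypothetical.

// What a NUL-terminated (C string) consumer sees: everything before the first NUL.
function c_string_view($name)
{
    $pos = strpos($name, "\0");
    return $pos === false ? $name : substr($name, 0, $pos);
}

// Extension as a naive check computes it, from the full PHP string.
function extension_of($name)
{
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Hardened check: refuse NUL outright, then allowlist the extension of the base name.
function validated_image_name($name, $allowed = array('jpg', 'jpeg', 'png', 'gif'))
{
    if (!is_string($name) || strpos($name, "\0") !== false) {
        return null;
    }
    $base = basename($name);
    if ($base === '' || $base === '.' || $base === '..') {
        return null;
    }
    return in_array(extension_of($base), $allowed, true) ? $base : null;
}

// Constructed sample inputs.
$samples = array("photo.jpg", "banner.JPG", "report.php", "avatar.php\0.jpg");
foreach ($samples as $s) {
    $ok = validated_image_name($s);
    printf(
        "%-22s naive ext=%-4s path seen by C API=%-12s => %s\n",
        addcslashes($s, "\0"),   // print the NUL byte as \000
        extension_of($s),
        c_string_view($s),
        $ok === null ? 'rejected' : 'accepted'
    );
}
```

Rejecting the NUL byte before any extension or path logic keeps the validation result independent of how the installed PHP version treats such pathnames.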