Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP ‘rfc1867.c’ 路径遍历漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 5.4.0之前的rfc1867.c中的file-upload实现中存在漏洞,该漏洞源于在name值中未正确处理无效‘[(左方括号)’的字符。远程攻击者可通过利用缺少文件名限制的脚本在多个文件上传期间执行目录遍历攻击,或导致拒绝服务(畸形$_FILES索引)。
CVSS Information
N/A
Vulnerability Type
N/A