Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP GD组件安全漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。GD是其中的一个图形扩展库组件。 PHP 5.4.32之前5.4.x版本和5.5.16之前5.5.x版本的GD组件的gd_ctx.c文件中存在安全漏洞,该漏洞源于程序没有验证路径名是否缺少‘%00’序列。远程攻击者可通过向调用多个函数(imagegd,imagegd2,imagegif,imagejpeg,imagepng,imagewbmp或i
CVSS Information
N/A
Vulnerability Type
N/A