Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character, which causes an out-of-bounds read and might (1) allow remote attackers to obtain sensitive information from php-cgi process memory by leveraging the ability to upload a .php file or (2) trigger unexpected code execution if a valid PHP script is present in memory locations adjacent to the mapping.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP CGI组件缓冲区溢出漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP的CGI组件中的sapi/cgi/cgi_main.c文件中存在安全漏洞,该漏洞源于程序使用mmap读取.php文件时,处理无效文件时没有正确验证映射的长度。远程攻击者可通过上传.php文件利用该漏洞获取php-cgi进程内存中的敏感信息;通过将有效的PHP脚本放置在与映射邻近的内存位置
CVSS Information
N/A
Vulnerability Type
N/A