Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Temporary files are not cleaned after OOM when parsing HTTP request data
Vulnerability Description
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
PHP 输入验证错误漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHPGroup和开放源代码社区的共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 7.2.31之前的7.2.x版本、7.3.18之前的7.3.x版本和7.4.6之前的7.4.x版本中存在输入验证错误漏洞,该漏洞源于在通过HTTP协议上传文件时,如果文件名或字段名过长,PHP引擎会分配过大内存,达到内存限制并停止处理请求,但不会清除创建的临时文件。攻击者可利用该漏洞导
CVSS Information
N/A
Vulnerability Type
N/A