漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Special characters break path parsing in XML functions
Vulnerability Description
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
特殊元素净化处理不恰当
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP是一种在服务器端执行的脚本语言。 PHP 存在安全漏洞,攻击者可以通过 Xml 函数空字符绕过 PHP 的访问限制,以读取或更改文件。
CVSS Information
N/A
Vulnerability Type
N/A