QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-7243

Back to search

CVE-2006-7243

Published: Jan 18, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.

VendorProductVersions

n/a

n/a

affected
n/a

References

44951
vdb-entry
x_refsource_BID
HPSBOV02763
vendor-advisory
x_refsource_HP
55078
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2011-03-21-1
vendor-advisory
x_refsource_APPLE
http://bugs.php.net/39863
x_refsource_CONFIRM
SSRT100826
vendor-advisory
x_refsource_HP
RHSA-2013:1307
vendor-advisory
x_refsource_REDHAT
MDVSA-2010:254
vendor-advisory
x_refsource_MANDRIVA
RHSA-2013:1615
vendor-advisory
x_refsource_REDHAT
SSRT100728
vendor-advisory
x_refsource_HP
oval:org.mitre.oval:def:12569
vdb-entry
signature
x_refsource_OVAL
RHSA-2014:0311
vendor-advisory
x_refsource_REDHAT
FEDORA-2015-8383
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-8281
vendor-advisory
x_refsource_FEDORA
HPSBUX02741
vendor-advisory
x_refsource_HP
FEDORA-2015-8370
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now