CVE-2010-1129
Published: Mar 26, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| SSRT100018 | vendor-advisory, x_refsource_HP |
| ADV-2010-0479 | vdb-entry, x_refsource_VUPEN |
| http://www.php.net/releases/5_2_13.php | x_refsource_CONFIRM |
| HPSBMA02554 | vendor-advisory, x_refsource_HP |
| 40551 | third-party-advisory, x_refsource_SECUNIA |
| APPLE-SA-2010-08-24-1 | vendor-advisory, x_refsource_APPLE |
| http://www.php.net/ChangeLog-5.php | x_refsource_CONFIRM |
| 38708 | third-party-advisory, x_refsource_SECUNIA |
| http://support.apple.com/kb/HT4312 | x_refsource_CONFIRM |
| 1023661 | vdb-entry, x_refsource_SECTRACK |
| ADV-2010-1796 | vdb-entry, x_refsource_VUPEN |
| 38431 | vdb-entry, x_refsource_BID |