Back to search
CVE-2012-0057
Published: Feb 2, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
HPSBMU02786
vendor-advisory
x_refsource_HP
[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
DSA-2399
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
SUSE-SU-2012:0411
vendor-advisory
x_refsource_SUSE
http://php.net/ChangeLog-5.php#5.3.9
x_refsource_CONFIRM
openSUSE-SU-2012:0426
vendor-advisory
x_refsource_SUSE
SUSE-SU-2012:0472
vendor-advisory
x_refsource_SUSE
[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
48668
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
[oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
php-libxslt-security-bypass(72908)
vdb-entry
x_refsource_XF
[oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
SSRT100877
vendor-advisory
x_refsource_HP
[oss-security] 20120113 CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
https://bugs.php.net/bug.php?id=54446
x_refsource_CONFIRM
[oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ?
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now