FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- vulnerability in RFC 1867 file upload processing

Affected packages
php4 <= 4.3.8_2
php4-cgi <= 4.3.8_2
mod_php4 <= 4.3.8_2,1
php5 <= 5.0.1
php5-cgi <= 5.0.1
mod_php5 <= 5.0.1,1

Details

VuXML ID 562a3fdf-16d6-11d9-bc4a-000c41e2cdad
Discovery 2004-09-15
Entry 2004-09-15
Modified 2004-10-12

Stefano Di Paola discovered an issue with PHP that could allow someone to upload a file to any directory writeable by the httpd process. Any sanitizing performed on the prepended directory path is ignored. This bug can only be triggered if the $_FILES element name contains an underscore.
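An upload handler that never lets the client-supplied file name reach the destination path, whatever the installed PHP version did to it, is sketched below. This is an added example, not code from the advisory or from the PHP project. It assumes PHP 7 or later (for random_bytes), and the names UPLOAD_DIR, store_upload and the form field user_file are hypothetical.

```php
<?php
// Added example. UPLOAD_DIR, store_upload() and the field name "user_file"
// are hypothetical; adjust them to the application.
const UPLOAD_DIR = '/var/www/uploads'; // assumed: the only directory httpd may write to

function store_upload(array $file, string $uploadDir = UPLOAD_DIR): string
{
    // Reject malformed entries (e.g. array-valued fields) and failed uploads.
    if (!isset($file['error'], $file['tmp_name'], $file['name'])
        || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or malformed $_FILES entry');
    }
    // Only accept a temporary file that PHP created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // The client-supplied name is untrusted. Strip any directory part, keep
    // only the extension, and check that against an allow-list.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'pdf'], true)) {
        throw new RuntimeException('extension not allowed');
    }
    // Resolve the upload directory once; fail closed if it does not exist.
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory missing');
    }
    // The stored name is generated server-side, so no client-controlled path
    // component can select the target directory.
    $dest = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store upload');
    }
    return $dest;
}

// The advisory notes the bug requires an underscore in the $_FILES element
// name, which is the case for a field such as "user_file".
if (isset($_FILES['user_file'])) {
    try {
        $stored = store_upload($_FILES['user_file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
    }
}
```

Restricting the httpd user's write permission to the single upload directory limits what a path-handling bug of this kind can reach.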

References

Message 1095268057.2818.20.camel@localhost
Message 1096478151.3220.6.camel@localhost