In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
20 Dec 2022, 21:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:* |
References |
|
Information
Published : 2019-12-23 03:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-11045
Mitre link : CVE-2019-11045
CVE.ORG link : CVE-2019-11045
JSON object : View
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
php
- php
opensuse
- leap
tenable
- securitycenter
fedoraproject
- fedora