admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-29 09:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-11045.md

20 lines
905 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2019-11045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11045)
![](https://img.shields.io/static/v1?label=Product&message=PHP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.2.x%3C%207.2.26%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-170%20Improper%20Null%20Termination&color=brighgreen)
### Description
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
### POC
#### Reference
- https://bugs.php.net/bug.php?id=78863
Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00
- https://bugs.php.net/bug.php?id=78863
Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Live-Hack-CVE/CVE-2019-11045
Reference in New Issue Copy Permalink