admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-11044.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

852 B
Raw Blame History

CVE-2019-11044

Description

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

POC

Reference

Github

No PoCs found on GitHub currently.