CVE-2015-2348 (retired)

Priority
Description
The move_uploaded_file implementation in ext/standard/basic_functions.c in
PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a
pathname upon encountering a \x00 character, which allows remote attackers
to bypass intended extension restrictions and create files with unexpected
names via a crafted second argument. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2006-7243.
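
An added illustration, not code from PHP or from this tracker: the C sketch below models the mismatch the description names, where an extension check sees the whole counted string while a NUL-terminated path stops at the first \x00, and shows a check that rejects embedded NUL bytes. All function names and the sample filename are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a counted string with an embedded NUL byte. */
const char CRAFTED[] = "notes.txt\0.png";
const size_t CRAFTED_LEN = sizeof(CRAFTED) - 1;   /* 14 bytes */

/* Suffix test over a counted string (bytes after a NUL included). */
static int has_suffix(const char *s, size_t len, const char *ext)
{
    size_t n = strlen(ext);
    return len >= n && memcmp(s + len - n, ext, n) == 0;
}

/* Length a NUL-terminated C API would use for the same buffer. */
size_t c_string_len(const char *s, size_t len)
{
    const char *nul = memchr(s, '\0', len);
    return nul ? (size_t)(nul - s) : len;
}

/* Models the flawed check: only the counted string is inspected. */
int accept_unchecked(const char *dest, size_t len, const char *ext)
{
    return has_suffix(dest, len, ext);
}

/* Hardened check: refuse any destination containing a NUL byte. */
int accept_hardened(const char *dest, size_t len, const char *ext)
{
    if (memchr(dest, '\0', len) != NULL)
        return 0;
    return has_suffix(dest, len, ext);
}

int main(void)
{
    printf("unchecked accepts: %d\n", accept_unchecked(CRAFTED, CRAFTED_LEN, ".png"));
    printf("name used on disk: %.*s\n", (int)c_string_len(CRAFTED, CRAFTED_LEN), CRAFTED);
    printf("hardened accepts:  %d\n", accept_hardened(CRAFTED, CRAFTED_LEN, ".png"));
    return 0;
}
```
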
Notes
 mdeslaur> fixed in lucid's php5-CVE-2006-7243.patch, and is fixed in
 mdeslaur> precise also. Seems to be a regression in 5.4+
Assigned-to
mdeslaur
More Information

Updated: 2019-09-19 15:53:00 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)