Title: PHP Upload Arbitrary File Disclosure Vulnerability
Severity: MODERATE
Description:
PHP's handling of uploads means that PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user. This may permit a remote user to read any file located on the server which is readable by a user of the server's privilege level.
Affected Products:
- PHP PHP 3.0.00
- PHP PHP 3.0.1
- PHP PHP 3.0.10
- PHP PHP 3.0.11
- PHP PHP 3.0.12
- PHP PHP 3.0.13
- PHP PHP 3.0.2
- PHP PHP 3.0.3
- PHP PHP 3.0.4
- PHP PHP 3.0.5
- PHP PHP 3.0.6
- PHP PHP 3.0.7
- PHP PHP 3.0.8
- PHP PHP 3.0.9
- PHP PHP 4.0.0 0
- PHP PHP/FI 1.0.0
- PHP PHP/FI 2.0.0
- PHP PHP/FI 2.0.0b10
- Sun 2800 Workgroup NTT/KOBE 2800WGJ-KOBE 0.0.0
References:
- PHP Development Team.: PHP Arbitrary File Disclosure - original PHP posting
- PHP Development Team.: PHP bug database ID#6496
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
