Reported February 27, 2002, by e-matters, GmbH.
VERSIONS AFFECTED
-
PHP scripting language, all versions up to 4.2.0
DESCRIPTION
Multiple vulnerabilities exist in the PHP scripting
language’s file upload code that can let an attacker remotely compromise a
vulnerable server. Several problems exist in the way PHP handles
multipart/form-data POST requests. An attacker could use each of these problems
to execute arbitrary code on the vulnerable system.
VENDOR RESPONSE
Affected users should immediately upgrade to the latest version, PHP 4.1.2, or download the appropriate security fix from the PHP Web site.
CREDIT
Discovered by Stefan
Esser.
0 comments
Hide comments