PHP Upload Arbitrary File Disclosure Vulnerability

PHP's handling of uploads means that PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user. This may permit a remote user to read any file located on the server which is readable by a user of the server's privilege level.


 

Privacy Statement
Copyright 2010, SecurityFocus