PHP CVE-2012-1172 Directory Traversal Vulnerability

PHP is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to retrieve, corrupt or upload arbitrary files in the context of the application.

Exploiting this issue may allow an attacker to retrieve, corrupt or upload arbitrary files at arbitrary locations that could aid in further attacks.


 

Privacy Statement
Copyright 2010, SecurityFocus