In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2019-12-23T02:40:17.130519Z
Updated: 2024-09-16T17:32:41.178Z
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11045
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-23T03:15:11.630
Modified: 2023-11-07T03:02:38.190
Link: CVE-2019-11045
Redhat