In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Dec 2022, 21:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:tenable:securitycenter:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* |
First Time |
Tenable securitycenter
Tenable |
|
References |
|
30 Jan 2021, 02:34
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) https://seclists.org/bugtraq/2021/Jan/3 - Mailing List, Third Party Advisory |
17 Jan 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-23 03:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-11045
Mitre link : CVE-2019-11045
CVE.ORG link : CVE-2019-11045
JSON object : View
Products Affected
php
- php
opensuse
- leap
tenable
- securitycenter
debian
- debian_linux
canonical
- ubuntu_linux
fedoraproject
- fedora