In a new note from SecurityFocus and PHP Magazine, another PHP vulnerability has been brought to light.
Reportedly PHP is vulnerable to an arbitrary location file upload vulnerability. This issue is due to a failure of the PHP application to properly sanitize user-supplied file name input.
An attacker may exploit this issue to upload files to an arbitrary location on a computer running the affected software. This may facilitate arbitrary server-side script code execution as well as other attacks.
It is reported that this issue only affects PHP versions 4.2.0 and subsequent.
This could definitely be bad news for sites out there allowing file uploads. As of the time of this posting, no other information has been made available.
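The note gives no technical detail, so the following does not reproduce the reported flaw. It is an added example (not code from SecurityFocus, PHP Magazine or the PHP project) of an application-side upload handler that never uses the client-supplied file name as a path. The function names, the `/var/uploads` directory and the extension allow-list are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: function names, paths and the allow-list are assumptions.

/** Build a storage path that ignores any directory part of the client-supplied name. */
function safe_upload_target(string $clientName, string $uploadDir, array $allowedExt): string
{
    // Normalise both separator styles, then keep only the final path component.
    $leaf = basename(str_replace('\\', '/', $clientName));

    // Reject empty names, dot entries and embedded NUL bytes.
    if ($leaf === '' || $leaf === '.' || $leaf === '..' || strpos($leaf, "\0") !== false) {
        throw new InvalidArgumentException('unusable file name');
    }

    // Only the extension of the client name is kept, and only if allow-listed.
    $ext = strtolower(pathinfo($leaf, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }

    // The stored name is generated server-side, so the client cannot choose it.
    return rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Move one entry of $_FILES into $uploadDir and return the stored path. */
function handle_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    $target = safe_upload_target($file['name'], $uploadDir, ['png', 'jpg', 'pdf']);
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    return $target;
}

// Constructed sample names, run from the command line to show the outcome.
foreach (['report.pdf', '../../htdocs/index.php', 'C:\\temp\\..\\photo.JPG'] as $name) {
    try {
        echo $name, ' => ', safe_upload_target($name, '/var/uploads', ['png', 'jpg', 'pdf']), "\n";
    } catch (InvalidArgumentException $e) {
        echo $name, ' => rejected: ', $e->getMessage(), "\n";
    }
}
```

Keeping the upload directory outside the web root, or configuring it so scripts in it are never executed, limits the server-side code execution risk the note mentions even if a file lands there.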




