Security Advisory

CVE-2010-1129

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2010-03-26 20:00:00

Last updated 2024-08-07 01:14:06

Assigner mitre

State PUBLISHED

Description

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

← Browse all CVEs View on cve.org ↗