In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2019-12-23T02:40:16.742266Z
Updated: 2024-09-17T01:47:06.457Z
Reserved: 2019-04-09T00:00:00
Link: CVE-2019-11044
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-23T03:15:10.913
Modified: 2024-11-21T04:20:26.257
Link: CVE-2019-11044
Redhat