CVE-2011-0754 in PHP정보

요약

\~에 의해 MITRE

The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2011. 02. 02.

공개

2011. 02. 02.

모더레이션

수락

항목

VDB-56313

CPE

준비됨

CWE

CWE-59 (확인됨)

CVSS

4.4 (NVD)

EPSS

0.00339

KEV

아니요

활동

매우 낮음

부문

Pharma, Chemical, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-0754
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0754
CVE Details	https://www.cvedetails.com/cve/CVE-2011-0754/

◂ 이전 개요 다음 ▸

Interested in the pricing of exploits?

See the underground prices here!