CVE-2021-21707 in Communications User Data Repositoryinformação

Sumário

de MITRE • 29/11/2021

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

PHP Group

Reservar

04/01/2021

Divulgação

29/11/2021

Moderação

aceite

Entrada

Relacionar

mostrar

CPE

pronto

CWE

CWE-200 (confirmado)

CVSS

5.0 (NVD)

EPSS

0.00563

KEV

não

Atividades

muito baixo

Sector

Industry, Government, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2021-21707
NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-21707
CVE Details	https://www.cvedetails.com/cve/CVE-2021-21707/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!