Fluid Attacks Database

Description

It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	php	<0:5.4.16-36.el7_1	0:5.4.16-36.el7_1
rpm rhel5	php53	-	-
rpm rhel6	php	<0:5.3.3-46.el6_6	0:5.3.3-46.el6_6
rpm rhel5	php	-	-

Aliases

1. CVE-2015-34112. NVD-2015-34113. OSV-2015-3411