PHP prior to 5.2.12 and 5.3.x prior to 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote malicious users to cause a denial of service (resource exhaustion), and makes it easier for remote malicious users to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php |
||
php php 5.3.0 |
||
debian debian linux 5.0 |
||
apple mac os x 10.6.3 |
||
debian debian linux 4.0 |
||
debian debian linux 6.0 |