The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP prior to 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
php php 3.0.14 |
||
php php 3.0.3 |
||
php php 4.0.1 |
||
php php 4.0.6 |
||
php php 4.0 |
||
php php 4.3.0 |
||
php php 4.3.4 |
||
php php 4.3.6 |
||
php php 4.4.6 |
||
php php 4.4.7 |
||
php php 3.0.13 |
||
php php 3.0.15 |
||
php php 4.4.4 |
||
php php 4.3.3 |
||
php php 1.0 |
||
php php 2.0 |
||
php php 3.0.7 |
||
php php 4.0.2 |
||
php php 4.2.1 |
||
php php 4.2.2 |
||
php php 4.2.0 |
||
php php 4.3.10 |
||
php php 4.3.2 |
||
php php 4.3.9 |
||
php php 4.3.8 |
||
php php 3.0.12 |
||
php php 3.0 |
||
php php 3.0.11 |
||
php php 3.0.10 |
||
php php 3.0.1 |
||
php php 3.0.5 |
||
php php 4.0.7 |
||
php php |
||
php php 3.0.4 |
||
php php 3.0.9 |
||
php php 4.1.2 |
||
php php 4.0.0 |
||
php php 4.3.1 |
||
php php 4.3.11 |
||
php php 4.3.7 |
||
php php 4.4.0 |
||
php php 4.4.9 |
||
php php 4.4.8 |
||
php php 4.4.1 |
||
php php 2.0b10 |
||
php php 3.0.8 |
||
php php 5.3.2 |
||
php php 4.4.3 |
||
php php 3.0.6 |
||
php php 3.0.16 |
||
php php 3.0.17 |
||
php php 4.0.5 |
||
php php 4.0.4 |
||
php php 4.1.0 |
||
php php 4.1.1 |
||
php php 4.2.3 |
||
php php 4.3.5 |
||
php php 4.4.2 |
||
php php 4.4.5 |
||
php php 3.0.18 |
||
php php 3.0.2 |
||
php php 4.0.3 |
||
php php 5.3.0 |
||
php php 5.3.1 |
Vulmon