CVEs-PoC/2016/CVE-2016-4072.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-14 16:32:48 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

784 B

Raw Permalink Blame History

CVE-2016-4072

Description

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

POC

Reference

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Github

https://github.com/ARPSyndicate/cvemon

784 B Raw Permalink Blame History

CVE-2016-4072

Description

POC

Reference

Github

784 B

Raw Permalink Blame History