CVEs-PoC/2016/CVE-2016-4072.md at 18943f3353ca1cc3fd2595afa412856465e29c78

mirror of https://github.com/0xMarcio/cve.git synced 2026-03-10 15:15:49 +00:00

Files

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in ext/phar/phar.c.

POC

Reference

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Github

https://github.com/ARPSyndicate/cvemon

773 B Raw Blame History

CVE-2016-4072

Description

POC

Reference

Github

773 B

Raw Blame History