CVE-2019-11045
DirectoryIterator class silently truncates after a null byteIn PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
We have discovered 571,903 live websites that are affected by CVE-2019-11045.
Contact us to get more info
Affected Software
| |
---|
Product | PHP |
Category | Programming Languages |
Vulnerable Versions | - from 7.2 before 7.2.26
- from 7.3 before 7.3.13
- from 7.4 before 7.4.1
|
Total Vulnerable Versions | 507 |
Vulnerable Domains | 571,903 live websites (4.73% of PHP install base) |
Common Weakness Enumeration
CWE-170 Improper Null Termination
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2019-11045 and the relative popularity of websites