| VID |
22943 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its banner, the version of PHP running on the remote web server is 7.4.x prior to 7.4.5. It is, therefore, affected by an out-of-bounds read error in urldecode() due to improper data validation checks. An attacker can exploit this, by inserting negative hex values to leak values that are found in the memory before the array.
* References:
https://bugs.php.net/bug.php?id=79465
https://www.php.net/ChangeLog-7.php
* Platforms Affected:
PHP Prior to 7.4.5
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP (7.4.5 or later), available from the PHP web site at http://www.php.net/downloads.php |
| Related URL |
CVE-2020-7067 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
