Reported February 27, 2002, by e-matters, GmbH.

VERSIONS AFFECTED

  • PHP scripting language, all versions up to 4.2.0

DESCRIPTION

Multiple vulnerabilities exist in the PHP scripting language’s file upload code that can let an attacker remotely compromise a vulnerable server. Several problems exist in the way PHP handles multipart/form-data POST requests. An attacker could exploit any of these problems to execute arbitrary code on the vulnerable system.

VENDOR RESPONSE

Affected users should immediately upgrade to the latest version, PHP 4.1.2, or download the appropriate security fix from the PHP Web site.

CREDIT

Discovered by Stefan Esser.