VYPR
Unrated severityNVD Advisory· Published Dec 23, 2019· Updated Sep 16, 2024

DirectoryIterator class silently truncates after a null byte

CVE-2019-11045

Description

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

65

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.