CVE-2012-0057 Information

Description

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00001.html
http://openwall.com/lists/oss-security/2012/01/13/10
http://openwall.com/lists/oss-security/2012/01/13/4
http://openwall.com/lists/oss-security/2012/01/13/5
http://openwall.com/lists/oss-security/2012/01/13/6
http://openwall.com/lists/oss-security/2012/01/13/7
http://openwall.com/lists/oss-security/2012/01/14/1
http://openwall.com/lists/oss-security/2012/01/14/2
http://openwall.com/lists/oss-security/2012/01/14/3
http://openwall.com/lists/oss-security/2012/01/15/1
http://openwall.com/lists/oss-security/2012/01/15/10
http://openwall.com/lists/oss-security/2012/01/15/2
http://openwall.com/lists/oss-security/2012/01/18/3
http://php.net/ChangeLog-5.php5.3.9
http://secunia.com/advisories/48668
http://www.debian.org/security/2012/dsa-2399
https://bugs.php.net/bug.php?id=54446
https://exchange.xforce.ibmcloud.com/vulnerabilities/72908