Re: ShAnKaR: multiple PHP application poison NULL byte vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I fail to see how this affects PunBB. The first thing PunBB does after receiving an uploaded avatar is:

move_uploaded_file($uploaded_file['tmp_name'], $pun_config['o_avatars_dir'].'/'.$id.'.tmp')

After that, $uploaded_file['tmp_name'] isn't used anymore. Am I missing something here or what?

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux