CVE-2006-2660
Last modified
CVE-2006-2660 is a vulnerability of currently unknown severity. Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Php | Php | 4.0.0 |
| Php | Php | 4.0.1 |
| Php | Php | 4.0.2 |
| Php | Php | 4.0.3 |
| Php | Php | 4.0.4 |
| Php | Php | 4.0.5 |
| Php | Php | 4.1.0 |
| Php | Php | 4.1.1 |
| Php | Php | 4.1.2 |
| Php | Php | 4.2.0 |
| Php | Php | 4.2.1 |
| Php | Php | 4.2.2 |
| Php | Php | 4.2.3 |
| Php | Php | 4.3.0 |
| Php | Php | 4.3.1 |
| Php | Php | 4.3.2 |
| Php | Php | 4.3.3 |
| Php | Php | 4.3.4 |
| Php | Php | 4.3.5 |
| Php | Php | 4.3.6 |
| Php | Php | 4.3.7 |
| Php | Php | 4.3.8 |
| Php | Php | 4.3.9 |
| Php | Php | 4.3.10 |
| Php | Php | 4.3.11 |
| Php | Php | 4.4.0 |
| Php | Php | 4.4.1 |
| Php | Php | 4.4.2 |
| Php | Php | 4.4.3 |
| Php | Php | 5.1.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-2660?
How severe is CVE-2006-2660?
How do I fix CVE-2006-2660?
Are you affected by CVE-2006-2660?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST