Vulnerabilities > CVE-2021-21707

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2021-11-29

Updated: 2023-02-16

Summary

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Vulnerable Configurations

Part	Description	Count
Application	Php PHP PHP 8.0.0 PHP PHP 8.0.1 PHP PHP 8.0.2 PHP PHP 8.0.3 PHP PHP 8.0.4 PHP PHP 8.0.5 PHP PHP 8.0.6 PHP PHP 8.0.7 PHP PHP 8.0.8 PHP PHP 8.0.9 PHP PHP 8.0.10 PHP PHP 8.0.11 PHP PHP 8.0.12 PHP PHP 7.4.0 PHP PHP 7.4.1 PHP PHP 7.4.2 PHP PHP 7.4.3 PHP PHP 7.4.4 PHP PHP 7.4.5 PHP PHP 7.4.6 PHP PHP 7.4.7 PHP PHP 7.4.8 PHP PHP 7.4.9 PHP PHP 7.4.10 PHP PHP 7.4.11 PHP PHP 7.4.12 PHP PHP 7.4.13 PHP PHP 7.4.14 PHP PHP 7.4.15 PHP PHP 7.4.16 PHP PHP 7.4.17 PHP PHP 7.4.18 PHP PHP 7.4.19 PHP PHP 7.4.20 PHP PHP 7.4.21 PHP PHP 7.4.22 PHP PHP 7.4.23 PHP PHP 7.4.24 PHP PHP 7.4.25 PHP PHP 7.3.0 PHP PHP 7.3.1 PHP PHP 7.3.2 PHP PHP 7.3.3 PHP PHP 7.3.4 PHP PHP 7.3.5 PHP PHP 7.3.6 PHP PHP 7.3.7 PHP PHP 7.3.8 PHP PHP 7.3.9 PHP PHP 7.3.10 PHP PHP 7.3.11 PHP PHP 7.3.12 PHP PHP 7.3.13 PHP PHP 7.3.14 PHP PHP 7.3.15 PHP PHP 7.3.16 PHP PHP 7.3.17 PHP PHP 7.3.18 PHP PHP 7.3.19 PHP PHP 7.3.20 PHP PHP 7.3.21 PHP PHP 7.3.22 PHP PHP 7.3.23 PHP PHP 7.3.24 PHP PHP 7.3.25 PHP PHP 7.3.26 PHP PHP 7.3.27 PHP PHP 7.3.28 PHP PHP 7.3.29 PHP PHP 7.3.30 PHP PHP 7.3.31 PHP PHP 7.3.32	166
Application	Netapp Netapp Clustered Data Ontap -	1
Application	Tenable Tenable Tenable.Sc - Tenable Tenable.Sc 5.13.0 Tenable Tenable.Sc 5.14.0 Tenable Tenable.Sc 5.14.1 Tenable Tenable.Sc 5.16.0 Tenable Tenable.Sc 5.17.0 Tenable Tenable.Sc 5.18.0 Tenable Tenable.Sc 5.19.0 Tenable Tenable.Sc 5.19.1 Tenable Tenable.Sc 5.20.0 Tenable Tenable.Sc 5.20.1	11
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Vulnerabilities > CVE-2021-21707 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2021-21707"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2021-21707