PHP 5.2.x < 5.2.12 Multiple Vulnerabilities

According to its banner, the version of PHP 5.2.x installed on the remote host is earlier than 5.2.12. Such versions are potentially affected by multiple vulnerabilities :

• A safe_mode bypass in tempnam(). (CVE-2009-3557)

• An open_basedir bypass in posix_mkfifo(). (CVE-2009-3558)

• A possible denial-of-service via temporary file exhaustion caused by a failure to limit the number of file uploads per request. (CVE-2009-4017)

• An arbitrary code execution vulnerability in the ‘session.save_path()’ function and the ‘$_SESSION’ data structure. (CVE-2009-4143)

• A cross-site scripting vulnerability becuase the ‘htmlspecialcharacters()’ function fails to properly handle some malformed multibyte character sequences.