CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
15.7%
The SplFileInfo::getType function in the Standard PHP Library (SPL)
extension in PHP before 5.3.4 on Windows does not properly detect symbolic
links, which might make it easier for local users to conduct symlink
attacks by leveraging cross-platform differences in the stat structure,
related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.