PHP VCWD_RENAME Information Disclosure Vulnerability



A vulnerability in PHP could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability is related to VCWD_RENAME() and is due to improper file handling by the affected software when performing file rename operations across devices. An attacker could exploit this vulnerability by accessing a file during a rename operation by the new file name prior to the completion of the rename operation. A successful exploit could allow the attacker to access sensitive, file-based, information and use the information to launch additional attacks.

The PHP Project has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-9637

Source:: Cisco Multivendor Vulnerability Alerts