Platform
php
Component
php
Fixed in
7.3.26
7.4.14
8.0.1
CVE-2020-7071 is a vulnerability in PHP's URL validation. It allows an attacker to craft a URL containing an invalid password that functions such as filter_var() nevertheless accept as a legitimate URL. This can lead to misinterpretation of URL components and unexpected behaviour in applications that rely on URL validation. The vulnerability affects PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14, and 8.0.0; fixes are available in PHP 7.3.26, 7.4.14 and 8.0.1.
CVE-2020-7071 in PHP affects versions 7.3.x below 7.3.26, 7.4.x below 7.4.14, and 8.0.0. The vulnerability allows the filter_var() function with the FILTER_VALIDATE_URL filter to accept URLs containing invalid password information as valid URLs, because the URL format validation is incorrect. The primary impact is that applications relying on correct URL validation may process incorrect data, leading to application logic errors, unexpected behaviour or, in more severe cases, exposure of sensitive information if the URL is used to construct commands or access resources. The vulnerability does not require authentication to be exploited, which increases its risk.
An attacker could exploit this vulnerability by submitting URLs containing invalid password information to fields validated with filter_var($url, FILTER_VALIDATE_URL). If the application uses the validated URL to construct commands or access resources, the attacker could influence the application's behaviour. For example, if the URL is used in a redirection function, users could be redirected to a malicious website. The ease of exploitation and the wide range of potential impacts make this vulnerability a significant concern for system administrators and PHP application developers.
Exploit status
EPSS
7.00% (91st percentile)
CVSS vector
The solution to mitigate CVE-2020-7071 is to upgrade to a PHP version that has patched the vulnerability. This includes PHP 7.3.26 or higher, PHP 7.4.14 or higher, or PHP 8.0.1 or higher. If immediate upgrading is not possible, it is recommended to implement additional validations in the application code to verify the validity of URLs before using them. These validations could include using stricter regular expressions or verifying the existence of the resource the URL points to. Thorough testing should be performed after applying any solution to ensure the vulnerability has been effectively mitigated and the application functions correctly.
Upgrade to the latest version of PHP. Specifically, upgrade to version 7.3.26 or higher, 7.4.14 or higher, or 8.0.1 or higher. This corrects the vulnerability in the URL validation function.
Versions 7.3.x below 7.3.26, 7.4.x below 7.4.14, and 8.0.0 are vulnerable to CVE-2020-7071.
Check the PHP version installed on your server. If it's one of the mentioned versions, it's likely vulnerable.
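The following is an added example, not code from the advisory or from the PHP project, that turns the affected ranges listed above into a check you can run on a server. The function name is an assumption; it reports only the three version lines the advisory names (7.3, 7.4, 8.0) and treats every other line as outside the advisory's scope.

```php
<?php
// Added example (not from the advisory): decide whether a PHP version string
// falls in one of the ranges the advisory lists as affected by CVE-2020-7071.
declare(strict_types=1);

/**
 * Returns true if $version is in an affected range: 7.3.x below 7.3.26,
 * 7.4.x below 7.4.14, or 8.0.0. Version lines the advisory does not mention
 * (7.2, 8.1, ...) are reported as not affected. Pre-release suffixes such as
 * "8.0.1-dev" sort below the release in version_compare(), so they are
 * conservatively reported as affected.
 */
function isAffectedByCve20207071(string $version): bool
{
    // First fixed release per affected version line, as stated in the advisory.
    $firstFixed = ['7.3' => '7.3.26', '7.4' => '7.4.14', '8.0' => '8.0.1'];

    if (!preg_match('/^(\d+)\.(\d+)\.\d+/', $version, $m)) {
        throw new InvalidArgumentException("Unparseable PHP version: $version");
    }
    $line = $m[1] . '.' . $m[2];
    if (!isset($firstFixed[$line])) {
        return false;
    }
    return version_compare($version, $firstFixed[$line], '<');
}

// Check the interpreter running this script, then a few constructed samples.
printf("running PHP %s: %s\n", PHP_VERSION,
    isAffectedByCve20207071(PHP_VERSION) ? 'AFFECTED' : 'not affected');
foreach (['7.3.25', '7.3.26', '7.4.13', '7.4.14', '8.0.0', '8.0.1'] as $v) {
    printf("%-7s %s\n", $v, isAffectedByCve20207071($v) ? 'AFFECTED' : 'not affected');
}
```

Run it with `php check.php` on each host. Note that distribution packages sometimes backport security fixes without bumping the upstream version number, so a package that reports an affected version may already carry the fix; confirm against the distribution's changelog before treating the result as final.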
Implement additional validations in your code to verify the validity of URLs before using them, such as stricter regular expressions.
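As an added example of the defence-in-depth validation recommended in the solution text and in the item above (this is not code from the advisory or from PHP itself), the function below keeps filter_var() with FILTER_VALIDATE_URL as the baseline but does not trust it alone: it re-parses the URL, applies a strict character set to the userinfo (user:password) part, which is the component the advisory says was mis-validated, restricts the scheme, and requires the host to be on an allowlist supplied by the caller. The function name, the allowlist parameter and the sample URLs are assumptions constructed for the example.

```php
<?php
// Added example (not from the advisory or the PHP project): stricter URL
// validation for applications that cannot yet upgrade past CVE-2020-7071.
declare(strict_types=1);

/**
 * Returns true only if $url passes FILTER_VALIDATE_URL AND the stricter checks
 * below. $allowedHosts is the list of hostnames the application expects to
 * redirect to or fetch from. Embedded credentials are rejected unless the
 * caller opts in with $allowUserinfo, and even then only RFC 3986 userinfo
 * characters are accepted.
 */
function isSafeUrl(string $url, array $allowedHosts, bool $allowUserinfo = false): bool
{
    // 1. Baseline: the filter the advisory is about.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }

    // 2. Re-parse and insist on the components the application depends on.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }

    // 3. Only the schemes the application actually uses.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }

    // 4. Userinfo: reject by default; if allowed, restrict to
    //    unreserved / pct-encoded / sub-delims / ":" (RFC 3986 section 3.2.1).
    $userinfo = ($parts['user'] ?? '') . (isset($parts['pass']) ? ':' . $parts['pass'] : '');
    if ($userinfo !== '') {
        if (!$allowUserinfo) {
            return false;
        }
        $userinfoRe = '/\A(?:[A-Za-z0-9\-._~!$&\'()*+,;=:]|%[0-9A-Fa-f]{2})*\z/';
        if (!preg_match($userinfoRe, $userinfo)) {
            return false;
        }
    }

    // 5. Host: a plain DNS-style hostname (IP literals are deliberately
    //    rejected here) that is on the caller's allowlist.
    $host = strtolower($parts['host']);
    $hostRe = '/\A[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*\z/';
    if (!preg_match($hostRe, $host)) {
        return false;
    }
    return in_array($host, array_map('strtolower', $allowedHosts), true);
}

// Constructed sample inputs (not from the advisory) exercising each check.
$allowed = ['app.example.com'];
$samples = [
    'https://app.example.com/login',          // plain URL on the allowlist
    'https://user:secret@app.example.com/',   // embedded credentials, no opt-in
    'https://other.example.net/',             // host not on the allowlist
    'ftp://app.example.com/',                 // scheme the application does not use
];
foreach ($samples as $s) {
    printf("%-42s %s\n", $s, isSafeUrl($s, $allowed) ? 'accepted' : 'rejected');
}
```

The allowlist is the check that matters most for the redirect scenario described above: even if a future parser bug lets an odd userinfo through, a host that is not on the list is still refused. Keep the function's result as the only gate before the URL is used, and log rejections so that unusual inputs are visible to monitoring.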
Any string of characters that is interpreted as an invalid password in the context of URL validation.
You can find more information in the PHP security advisory and vulnerability databases like CVE.