Upload Temp Directory is Accessible to Everyone

OWASP 2013-A1 OWASP 2017-A1

PHP writes each uploaded file to a temporary directory and keeps it there until the handling script moves it (for example with move_uploaded_file()) to its permanent location. The upload_tmp_dir directive in php.ini lets the administrator choose that directory. Many servers leave it at its default, the system's standard temporary directory (/tmp on most Unix-like systems), which every local user can access. If the temporary directory is inside the document root of the website, or is readable or writable by system users other than the one PHP runs as, an uploaded file can be modified or overwritten between the moment PHP writes it and the moment the script processes it.


The impact includes:-

  • Denial of service, by deleting or overwriting uploads before the handling script can process them
  • Code injection, by replacing an upload with attacker-controlled content while PHP is still processing it

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Set upload_tmp_dir to a dedicated directory outside the document root of the web application.
  • Make that directory readable and writable only by the user PHP runs as (mode 0700, owned by the PHP user), so that no other system users can read or modify its contents.
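
The two recommendations above, as an added example that is not part of the original page: a POSIX shell script that audits a candidate upload_tmp_dir (rejecting it if it resolves to a path inside the document root or if its mode grants anything to group or other users), creates a hardened directory, and writes the php.ini directive. The directory layout, the conf.d drop-in name and the demo workspace are assumptions for illustration; giving the directory to the PHP user with chown needs root and is left to the operator.

```shell
#!/bin/sh
# Added example, not code from the original page: audit and harden PHP's
# upload_tmp_dir. Paths used in the demo at the bottom are assumptions.

# check_upload_tmp_dir DIR DOCROOT
# Returns 0 when DIR is an acceptable upload_tmp_dir for a site whose
# document root is DOCROOT, 1 (with a reason on stdout) otherwise.
check_upload_tmp_dir() {
    _dir=$1
    _root=$2
    [ -d "$_dir" ]  || { echo "FAIL: not a directory: $_dir"; return 1; }
    [ -d "$_root" ] || { echo "FAIL: document root missing: $_root"; return 1; }

    # Resolve symlinks so a link that points into the document root is caught.
    real_dir=$(cd "$_dir" && pwd -P)
    real_root=$(cd "$_root" && pwd -P)
    case "$real_dir/" in
        "$real_root/"*)
            echo "FAIL: $real_dir is inside the document root $real_root"
            return 1 ;;
    esac

    # Octal mode, e.g. 700 or 1777 (GNU stat first, BSD/macOS stat as fallback).
    perm=$(stat -c '%a' "$real_dir" 2>/dev/null || stat -f '%Lp' "$real_dir")
    # The last two digits are the group and other bits; both must be zero,
    # so the world-writable default (1777) and a 750 shared directory both fail.
    case "$perm" in
        *00) ;;
        *)  echo "FAIL: mode $perm grants access to group or other users"
            return 1 ;;
    esac

    echo "OK: $real_dir (mode $perm)"
    return 0
}

# harden_upload_tmp_dir DIR
# Creates DIR if needed and restricts it to its owner. Run this as the user
# PHP executes as (e.g. www-data), or chown the directory to it afterwards.
harden_upload_tmp_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# write_php_ini_fragment DIR FILE
# Appends the directive pointing PHP at DIR to FILE (php.ini or a conf.d
# drop-in); the settings file location is an assumption.
write_php_ini_fragment() {
    printf '; uploads are staged here until move_uploaded_file() relocates them\nupload_tmp_dir = %s\n' "$1" >> "$2"
}

# Demo in a throw-away workspace (constructed, not a real server layout).
ws=$(mktemp -d)
docroot="$ws/var/www/html"
weak="$docroot/tmp"               # world-writable directory inside the docroot
good="$ws/var/lib/php/uploads"    # private directory outside it
mkdir -p "$weak" && chmod 1777 "$weak"
harden_upload_tmp_dir "$good"
write_php_ini_fragment "$good" "$ws/99-uploads.ini"

check_upload_tmp_dir "$weak" "$docroot" || true   # FAIL: inside document root
check_upload_tmp_dir "$good" "$docroot" || true   # OK
cat "$ws/99-uploads.ini"
rm -rf "$ws"
```

The check deliberately resolves both paths with pwd -P: a symlink under the document root that points at a private directory elsewhere still leaves the link name reachable through the web server, and a symlinked upload directory that resolves into the document root is the case the first recommendation warns about.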
