SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionPHP-specific version of NULL-byte poisoning was briefly described by ShAnKaR :
Poison NULL byte vulnerability for perl CGI applications was described in . ShAnKaR noted, that same vulnerability also affects different PHP applications.
PHP developers report that branch 5.3 received a fix :
Paths with NULL in them (foo\0bar.txt) are now considered as invalid (CVE-2006-7243).
SolutionUpdate the affected packages.