Taint Protection Bypass in Perl 5.10.x - 5.13.11

CVE-2011-1487 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
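
A defensive check for the behaviour described above, as an added example that is not part of the original advisory: run as `perl -T`, it reports whether the interpreter keeps the taint flag on the return values of the four functions. The sample strings and the helper name `ops_dropping_taint` are constructed for illustration.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode must be on, otherwise nothing is tainted and the check is meaningless.
die "Run with taint checks enabled: perl -T <this script>\n"
    unless ${^TAINT} > 0;

# Zero-length tainted string: $0 and $^X come from outside the program,
# so under -T any slice of them is tainted, and so is anything joined to it.
my $taint_source = substr("$0$^X", 0, 0);

# Constructed samples: one starts upper-case and one lower-case, so every
# function has at least one input it actually changes.
my @samples = map { $_ . $taint_source } ("MiXeD CaSe", "mIxEd cAsE");
tainted($_) or die "could not build a tainted sample\n" for @samples;

# The four functions named in CVE-2011-1487.
my %case_ops = (
    lc      => sub { lc $_[0] },
    lcfirst => sub { lcfirst $_[0] },
    uc      => sub { uc $_[0] },
    ucfirst => sub { ucfirst $_[0] },
);

# Hypothetical helper: names of the functions whose result lost the taint flag.
sub ops_dropping_taint {
    my ($input) = @_;
    return grep { !tainted($case_ops{$_}->($input)) } sort keys %case_ops;
}

my %dropped;
for my $sample (@samples) {
    $dropped{$_} = 1 for ops_dropping_taint($sample);
}

for my $name (sort keys %case_ops) {
    printf "%-8s %s\n", $name,
        $dropped{$name} ? "result NOT tainted (affected)" : "result tainted";
}

# Non-zero exit status lets the check be used in a build or deployment gate.
exit(%dropped ? 1 : 0);
```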