CVE-2023-52044: Php Mime Blocklist Missing Php8 Php9
PHP MIME-type blocklist maps PHP variants (e.g., 'php7:*' => 'text/x-php') but omits 'php8:*' and/or 'php9:*'. Uploaded files with a .php8 / .php9 extension will not be reclassified as text/x-php and may bypass the PHP-handler blocklist, leading to Remote Code Execution on servers that execute these extensions as PHP (CVE-2023-52044, CWE-434).
greprules fetch cve-2023-52044-php-mime-blocklist-missing-php8-php9 --engine opengrepDescription
PHP MIME-type blocklist maps PHP variants (e.g., 'php7:*' => 'text/x-php') but omits 'php8:*' and/or 'php9:*'. Uploaded files with a .php8 / .php9 extension will not be reclassified as text/x-php and may bypass the PHP-handler blocklist, leading to Remote Code Execution on servers that execute these extensions as PHP (CVE-2023-52044, CWE-434).
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.