mmartinec

1 exploit Active since Apr 2011
CVE-2011-1487 EXPLOITDB text WRITEUP
Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.