Description

PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.

Remediation

References

CVE-2002-2029

Related Vulnerabilities

WordPress Plugin Post Views Counter Cross-Site Scripting (1.3.4)

e107 Other Vulnerability (CVE-2004-2039)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5341)

phpMyAdmin Cryptographic Issues Vulnerability (CVE-2015-3903)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-6414)

Severity

High

Classification

CVE-2002-2029

Tags

Missing Update Known Vulnerabilities