Description

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Remediation

References

CVE-2000-0860

Related Vulnerabilities

WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)

WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)

Moodle CVE-2022-40314 Vulnerability (CVE-2022-40314)

Joomla Improper Input Validation Vulnerability (CVE-2021-26029)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-1476)

Severity

Medium

Classification

CVE-2000-0860

Tags

Missing Update Known Vulnerabilities