Description

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Remediation

References

CVE-2000-0860

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2015-8562)

WebLogic CVE-2024-20986 Vulnerability (CVE-2024-20986)

EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)

WordPress Plugin Simple Ads Manager Denial of Service (2.9.3.114)

Ampache Improper Access Control Vulnerability (CVE-2021-21399)

Severity

Medium

Classification

CVE-2000-0860

Tags

Missing Update Known Vulnerabilities