Description
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
Remediation
References
Related Vulnerabilities
WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)
WordPress Plugin Happy Addons for Elementor Cross-Site Scripting (2.23.0)
Moodle CVE-2022-40314 Vulnerability (CVE-2022-40314)
Joomla Improper Input Validation Vulnerability (CVE-2021-26029)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-1476)