Description

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Remediation

References

CVE-2000-0860

Related Vulnerabilities

WordPress 4.1.x Cross-Domain Flash Injection Vulnerability (4.1 - 4.1.21)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Multiple Cross-Site Request Forgery Vulnerabilities (2.5.6)

Oracle Application Server CVE-2006-0290 Vulnerability (CVE-2006-0290)

WordPress Plugin Quick Page/Post Redirect Security Bypass (5.1.9)

Severity

Medium

Classification

CVE-2000-0860

Tags

Missing Update Known Vulnerabilities