Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.

Remediation

References

CVE-2002-1954

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

WordPress Plugin Image Slider by Ays-Responsive Slider and Carousel SQL Injection (2.4.9)

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

Oracle Application Server Other Vulnerability (CVE-2006-5361)

Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223)

Severity

Medium

Classification

CVE-2002-1954

Tags

Missing Update Known Vulnerabilities