Description

rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.

Remediation

References

CVE-2004-0959

Related Vulnerabilities

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17449)

WordPress Plugin My Calendar Multiple Vulnerabilities (2.3.29)

WordPress Plugin LearnPress-WordPress LMS Multiple Cross-Site Scripting Vulnerabilities (4.1.3)

WordPress Plugin WP Human Resource Management Security Bypass (2.2.14)

WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.3)

Severity

Low

Classification

CVE-2004-0959

Tags

Missing Update Known Vulnerabilities