Description
PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user.
PHP versions up to 3.0.16 and 4.0.2 are affected.
Remediation
Upgrade PHP to the latest version.