Description

This alert was generated using only banner information. It may be a false positive.

PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user.

Affected PHP versions (up to 3.0.16, 4.0.2).

Remediation

Upgrade PHP to the latest version.

References

BID 1649

PHP Homepage

Related Vulnerabilities

Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4939)

WordPress Plugin WP Fusion Lite-Marketing Automation for WordPress Multiple Vulnerabilities (3.37.18)

PHP Improper Input Validation Vulnerability (CVE-2020-7071)

WordPress Plugin Restaurant Reservations Privilege Escalation (1.3)

Severity

Medium

Classification

CVE-2000-0860 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure