PHP 4.3.0 file disclosure and possible code execution

PHP 4.3.0 file disclosure and possible code execution

Published on 2004-03-27. Updated on 2007-03-20.

Description:

Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).

Affected PHP version 4.3.0.

Impact:
File disclosure and possible code execution.

Recommendation:
Upgrade PHP to the latest version.

Tags: Scripts

Alert Tags: configuration
ApplicableApplicationServer : PHP
ApplicableOS: All
ApplicableWebServer: All

References:

CVE 2003-0097

PHP Homepage

Go Back

• Product Information
• Download
• Product Tour
• Brochure (PDF)
• Pricing
• Testimonials
• Customer references
• Resell Acunetix
• Acunetix in the Press
• List of vulnerability checks

• Learn more
• SQL Injection
• Cross site scripting
• Web Security
• Directory Traversal
• Ajax Application Security
• Google Hacking