Description

PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.

Remediation

References

CVE-2002-2029

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2006-6383)

WordPress Plugin WP Super Cache Cross-Site Scripting (1.4.2)

WordPress Plugin Football Pool Arbitrary File Upload (2.6.3)

WordPress 4.5.x Cross-Site Scripting Vulnerability (4.5 - 4.5.1)

Oracle JRE CVE-2013-1475 Vulnerability (CVE-2013-1475)

Severity

High

Classification

CVE-2002-2029

Tags

Missing Update Known Vulnerabilities