Description

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Remediation

References

CVE-2000-0860

Related Vulnerabilities

WordPress 4.2.x Arbitrary File Deletion Vulnerability (4.2 - 4.2.20)

WordPress 4.5.3 Directory Traversal Vulnerability (4.5.3)

Liferay Portal CVE-2021-38266 Vulnerability (CVE-2021-38266)

WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (3.5)

Ampache Improper Access Control Vulnerability (CVE-2021-21399)

Severity

Medium

Classification

CVE-2000-0860

Tags

Missing Update Known Vulnerabilities