Description

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Remediation

References

CVE-2001-1385

Related Vulnerabilities

WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)

WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)

WordPress Plugin Spiffy XSPF Player SQL Injection (0.1)

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23871)

SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)

Severity

Medium

Classification

CVE-2001-1385

Tags

Missing Update Known Vulnerabilities