Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.

Remediation

References

CVE-2002-1954

Related Vulnerabilities

MySQL CVE-2018-2591 Vulnerability (CVE-2018-2591)

WordPress Plugin Contact Form 7 Arbitrary File Upload (5.3.1)

WordPress Plugin Booking Calendar Cross-Site Scripting (7.1)

WordPress Plugin BuddyPress Cross-Site Scripting (2.2.2.1)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.5)

Severity

Medium

Classification

CVE-2002-1954

Tags

Missing Update Known Vulnerabilities