Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.

Remediation

References

CVE-2002-1954

Related Vulnerabilities

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45879)

TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55894)

b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5293)

WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2)

Severity

Medium

Classification

CVE-2002-1954

Tags

Missing Update Known Vulnerabilities