Description
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Remediation
References
Related Vulnerabilities
Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)
WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)
WordPress Plugin Animal Captcha Cross-Site Scripting (1.6.2)