Description
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" file upload field.
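A request-side check for the condition described above, written as an added example that is not part of the original advisory: it parses a multipart/form-data body and reports any file upload field whose name is GLOBALS. The function name, the sample requests and the handling of array-style names such as GLOBALS[x] are assumptions made for illustration.

```python
from email import message_from_bytes
from email.policy import default


def flag_globals_upload(content_type: str, body: bytes) -> list[str]:
    """Return names of file upload fields whose base name is GLOBALS."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Reuse the stdlib MIME parser by prepending the request's Content-Type.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw, policy=default)
    hits = []
    for part in msg.iter_parts():
        disp = part["Content-Disposition"]
        if disp is None:
            continue
        name = disp.params.get("name", "")
        is_file = "filename" in disp.params  # only file upload fields matter here
        # Assumption: array-style names (GLOBALS[x]) are treated like GLOBALS.
        if is_file and name.split("[", 1)[0] == "GLOBALS":
            hits.append(name)
    return hits


# Constructed sample requests (not captured traffic).
BOUNDARY = "constructedboundary123"
CONTENT_TYPE = f"multipart/form-data; boundary={BOUNDARY}"


def build_body(field: str, filename: str) -> bytes:
    """Build a one-part multipart body with a single file upload field."""
    return (
        f"--{BOUNDARY}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: text/plain\r\n\r\n"
        "constructed file content\r\n"
        f"--{BOUNDARY}--\r\n"
    ).encode("latin-1")


BENIGN = build_body("avatar", "me.txt")
SUSPICIOUS = build_body("GLOBALS", "x.txt")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, flag_globals_upload(CONTENT_TYPE, body))
```

A filter like this belongs in front of hosts that cannot yet be upgraded or have register_globals disabled; it does not replace either fix.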