Description

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

Remediation

References

CVE-2007-1287

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14881)

WordPress Plugin Instagram Feed Cross-Site Scripting (1.4.6.2)

WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)

WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)

MySQL CVE-2013-2389 Vulnerability (CVE-2013-2389)

Severity

Medium

Classification

CVE-2007-1287

Tags

Missing Update Known Vulnerabilities