Description

This alert was generated using only banner information. It may be a false positive.

PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user.

Affected PHP versions (up to 3.0.16, 4.0.2).

Remediation

Upgrade PHP to the latest version.

References

BID 1649

PHP Homepage

Related Vulnerabilities

WordPress Plugin Simple History Information Disclosure (1.0.7)

WordPress Plugin Cool Video Gallery Command Injection (1.9)

WordPress Plugin Answer My Question Cross-Site Scripting (1.3)

MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)

WordPress Plugin aoringo CAT setter Cross-Site Scripting (0.1.1)

Severity

Medium

Classification

CVE-2000-0860 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure