Description

This alert was generated using only banner information. It may be a false positive.

PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user.

Affected PHP versions (up to 3.0.16, 4.0.2).

Remediation

Upgrade PHP to the latest version.

References

BID 1649

PHP Homepage

Related Vulnerabilities

WordPress 4.5.x Possible SQL Injection Vulnerability (4.5 - 4.5.10)

Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7935)

Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)

Severity

Medium

Classification

CVE-2000-0860 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure