This alert was generated using only banner information. It may be a false positive.
Two problems have been reported in PHP versions older than 4.3.8. One may allow an attacker to execute arbitrary code on the remote host if memory_limit is set. The other problem is related with strip_tags function which is unable to properly filter null (\0) characters within tag names. This vulnerability may facilitate the exploitation of XSS (cross site scripting) vulnerabilities on Internet Explorer and Safari web browsers.
Affected PHP versions (up to 4.3.7).
- Upgrade PHP to the latest version.
- WordPress Plugin Event Registration Multiple Vulnerabilities (6.02.03)
- WordPress Plugin Posts in Page Local File Inclusion (1.2.4)
- WordPress Plugin WebLibrarian Cross-Site Scripting (18.104.22.168)
- WordPress Plugin Dexs PM System Cross-Site Scripting (1.0.1)
- WordPress Plugin MyPixs Local File Inclusion (0.3)