PHP version older than 4.3.8

  • <div class="bb-coolbox"><span class="bb-dark">This alert was generated using only banner information. It may be a false positive. </span></div><br/>Two problems have been reported in PHP versions older than 4.3.8. One may allow an attacker to execute arbitrary code on the remote host if memory_limit is set. The other problem is related with strip_tags function which is unable to properly filter null (\0) characters within tag names. This vulnerability may facilitate the exploitation of XSS (cross site scripting) vulnerabilities on Internet Explorer and Safari web browsers.<br/><br/><span class="bb-navy">Affected PHP versions (up to 4.3.7).</span><br/>
  • Upgrade PHP to the latest version.