Description

This alert was generated using only banner information. It may be a false positive.

PHP applications can be manipulated into opening arbitrary files on the server, rather than those uploaded by the user.

Affected PHP versions (up to 3.0.16, 4.0.2).

Remediation

Upgrade PHP to the latest version.

References

BID 1649

PHP Homepage

Related Vulnerabilities

Python Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4940)

TYPO3 Improper Input Validation Vulnerability (CVE-2010-5099)

WordPress Plugin Widget Logic Cross-Site Request Forgery (5.10.2)

PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2018-5711)

WordPress Plugin Lightbox Multiple Vulnerabilities (1.6.6)

Severity

Medium

Classification

CVE-2000-0860 CWE-538 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Information Disclosure