Описание
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php4 | not-affected | package | ||
| php5 | fixed | 5.1.1-1 | package |
Примечания
According to https://bugs.php.net/bug.php?id=19881 this only affects a
php function that displays the PHP logo and version information. In the bug
log the developers seem unwilling to fix this, as it only affects a debug
function.
can not reproduce in any versions of php4 in the archive.
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.