PHP : Security Vulnerabilities, CVEs, Published In 2007 (Information Leak)
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
Max CVSS
4.3
EPSS Score
0.38%
Published
2007-05-17
Updated
2018-10-19
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
Max CVSS
4.3
EPSS Score
1.24%
Published
2007-11-20
Updated
2018-10-15
PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database information via a direct request to inc/lib.inc.
Max CVSS
5.0
EPSS Score
0.38%
Published
2007-12-21
Updated
2018-10-15
3 vulnerabilities found