rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-11-03
Updated
2017-10-11
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
Max CVSS
5.0
EPSS Score
3.03%
Published
2004-11-03
Updated
2017-10-11
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Max CVSS
10.0
EPSS Score
92.00%
Published
2004-08-06
Updated
2022-07-01
3 vulnerabilities found