rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-11-03
Updated
2017-10-11
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
Max CVSS
5.0
EPSS Score
3.03%
Published
2004-11-03
Updated
2017-10-11
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
Max CVSS
6.8
EPSS Score
93.90%
Published
2004-07-27
Updated
2018-10-30
3 vulnerabilities found