PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Max CVSS
10.0
Published
2000-12-19
Updated
2018-05-03
EPSS
34.05%
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
Max CVSS
5.0
Published
2000-11-14
Updated
2017-10-10
EPSS
0.83%
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
Max CVSS
10.0
Published
2000-01-04
Updated
2008-09-10
EPSS
6.40%
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!