PHP : Security Vulnerabilities, CVEs, Published In 2000
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Max CVSS
10.0
EPSS Score
34.05%
Published
2000-12-19
Updated
2018-05-03
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
Max CVSS
5.0
EPSS Score
0.83%
Published
2000-11-14
Updated
2017-10-10
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
Max CVSS
10.0
EPSS Score
6.40%
Published
2000-01-04
Updated
2008-09-10
3 vulnerabilities found