[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249966

 
 

909

 
 

195636

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2005-3388Date: (C)2005-11-01   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1015130
SREASON-133
BID-15248
SECUNIA-17371
SECUNIA-17490
SECUNIA-17510
SECUNIA-17531
SECUNIA-17557
SECUNIA-17559
SECUNIA-18198
SECUNIA-18669
http://www.securityfocus.com/archive/1/415292
SECUNIA-21252
SECUNIA-22691
ADV-2005-2254
ADV-2006-4320
FEDORA-2020-fb144e7de5
FLSA:166943
GLSA-200511-08
MDKSA-2005:213
OpenPKG-SA-2005.027
RHSA-2005:831
RHSA-2005:838
RHSA-2006:0549
SSRT061238
SUSE-SR:2005:027
TLSA-2006-38
USN-232-1
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
http://www.hardened-php.net/advisory_182005.77.html
http://www.php.net/release_4_4_1.php
oval:org.mitre.oval:def:10542

CPE    41
cpe:/a:php:php:5.0.0:rc3
cpe:/a:php:php:5.0.0:rc2
cpe:/a:php:php:5.0.0:rc1
cpe:/a:php:php:4.3.10
...
OVAL    1
oval:org.secpod.oval:def:118378

© SecPod Technologies