
CVE-2005-3390
Date: (C)2005-11-01   (M)2023-12-22


The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015129
SREASON-132
BID-15250
SECUNIA-17371
SECUNIA-17490
SECUNIA-17510
SECUNIA-17531
SECUNIA-17557
SECUNIA-17559
SECUNIA-18054
SECUNIA-18198
SECUNIA-18669
http://www.securityfocus.com/archive/1/415290/30/0/threaded
SECUNIA-21252
SECUNIA-22691
ADV-2005-2254
ADV-2006-4320
FLSA:166943
GLSA-200511-08
MDKSA-2005:213
OpenPKG-SA-2005.027
RHSA-2005:831
RHSA-2005:838
RHSA-2006:0549
SSRT061238
SUSE-SA:2005:069
SUSE-SR:2005:027
USN-232-1
http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
http://www.hardened-php.net/advisory_202005.79.html
http://www.hardened-php.net/globals-problem
http://www.php.net/release_4_4_1.php
oval:org.mitre.oval:def:10537

CPE    53
cpe:/a:php:php:3.0
cpe:/a:php:php:4.3.10
cpe:/a:php:php:4.3.11
cpe:/a:php:php:4.3.4
...

© SecPod Technologies