CVE Vulnerabilities

CVE-2000-0860

Published: Nov 14, 2000 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Affected Software

Name Vendor Start Version End Version
Php Php 1.0 1.0
Php Php 2.0 2.0
Php Php 2.0b10 2.0b10
Php Php 3.0 3.0
Php Php 3.0.1 3.0.1
Php Php 3.0.2 3.0.2
Php Php 3.0.3 3.0.3
Php Php 3.0.4 3.0.4
Php Php 3.0.5 3.0.5
Php Php 3.0.6 3.0.6
Php Php 3.0.7 3.0.7
Php Php 3.0.8 3.0.8
Php Php 3.0.9 3.0.9
Php Php 3.0.10 3.0.10
Php Php 3.0.11 3.0.11
Php Php 3.0.12 3.0.12
Php Php 3.0.13 3.0.13
Php Php 4.0 4.0

References