4.3

CVE-2007-1287

Exploit
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpPhp Version4.4.4
PhpPhp Version4.4.5
PhpPhp Version4.4.6
PhpPhp Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.17% 0.864
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://us2.php.net/releases/4_4_7.php
http://www.osvdb.org/32774
http://www.php-security.org/MOPB/MOPB-08-2007.html
Patch
Vendor Advisory
Exploit