Php

Php

714 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2002-0253

  • EPSS 0.92%
  • Veröffentlicht 29.05.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path,...

7.5

CVE-2002-0229

  • EPSS 5.45%
  • Veröffentlicht 16.05.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

2.1

CVE-2002-0121

  • EPSS 0.14%
  • Veröffentlicht 25.03.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

7.5

CVE-2002-0081

  • EPSS 52.39%
  • Veröffentlicht 08.03.2002 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

6.4

CVE-2001-1247

Exploit
  • EPSS 1.16%
  • Veröffentlicht 06.12.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

7.5

CVE-2001-1246

  • EPSS 5.41%
  • Veröffentlicht 30.06.2001 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

5

CVE-2001-0108

  • EPSS 0.36%
  • Veröffentlicht 12.03.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

5

CVE-2001-1385

  • EPSS 0.67%
  • Veröffentlicht 12.01.2001 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

10

CVE-2000-0967

Exploit
  • EPSS 26.91%
  • Veröffentlicht 19.12.2000 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

5

CVE-2000-0860

Exploit
  • EPSS 1.11%
  • Veröffentlicht 14.11.2000 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.