Shodan
Vulnerabilities
Vulnerable Software
Php:  >> Php  >> 3.0.4  Security Vulnerabilities
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
CVSS Score
2.1
EPSS Score
0.048
Published
2004-11-03
CVE-2004-0542
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
CVSS Score
10.0
EPSS Score
0.116
Published
2004-08-06
CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
CVSS Score
4.3
EPSS Score
0.516
Published
2003-07-24
CVE-2002-2215
The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
CVE-2002-2309
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
CVSS Score
7.8
EPSS Score
0.046
Published
2002-12-31
CVE-2002-0484
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
CVSS Score
5.0
EPSS Score
0.066
Published
2002-08-12
CVE-2002-0229
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
CVSS Score
7.5
EPSS Score
0.054
Published
2002-05-16
CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVSS Score
5.0
EPSS Score
0.011
Published
2000-11-14
CVE-2000-0059
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVSS Score
10.0
EPSS Score
0.027
Published
2000-01-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved