Shodan
Vulnerabilities
Vulnerable Software
Php:  >> Php  >> 4.3.9  Security Vulnerabilities
CVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVSS Score
5.0
EPSS Score
0.126
Published
2005-01-10
CVE-2004-1063
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVSS Score
10.0
EPSS Score
0.03
Published
2005-01-10
CVE-2004-1064
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVSS Score
10.0
EPSS Score
0.028
Published
2005-01-10
CVE-2004-1065
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
CVSS Score
10.0
EPSS Score
0.069
Published
2005-01-10
CVE-2004-0958
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
CVSS Score
5.0
EPSS Score
0.112
Published
2004-11-03
CVE-2004-0959
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.
CVSS Score
2.1
EPSS Score
0.052
Published
2004-11-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved