Php: Security Vulnerabilities
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVSS Score
5.0
EPSS Score
0.011
Published
2000-11-14
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVSS Score
10.0
EPSS Score
0.027
Published
2000-01-04
CGI PHP mylog script allows an attacker to read any file on the target server.
CVSS Score
7.5
EPSS Score
0.029
Published
1997-10-19
CGI PHP mlog script allows an attacker to read any file on the target server.
CVSS Score
5.0
EPSS Score
0.005
Published
1997-10-16
php.cgi allows attackers to read any file on the system.
CVSS Score
10.0
EPSS Score
0.016
Published
1997-08-01
Buffer overflow in PHP cgi program, php.cgi allows shell access.
CVSS Score
7.5
EPSS Score
0.007
Published
1997-04-17
Page 77