Vulnerability in N/a
CVE-2005-3388
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
EPSS: 0.633 (98.4th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20051031 Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() (mailing-list, x_refsource_BUGTRAQ)
- 21252 (x_refsource_SECUNIA, third-party-advisory)
- 22691 (x_refsource_SECUNIA, third-party-advisory)
- MDKSA-2005:213 (vendor-advisory, x_refsource_MANDRIVA)
- RHSA-2005:831 (x_refsource_REDHAT, vendor-advisory)
- TLSA-2006-38 (vendor-advisory, x_refsource_TURBO)
- support.avaya.com/elmodocs2/security/ASA-2006-037.htm (x_refsource_CONFIRM)
- 18198 (x_refsource_SECUNIA, third-party-advisory)
- SSRT061238 (x_refsource_HP, vendor-advisory)
- ADV-2005-2254 (vdb-entry, x_refsource_VUPEN)