vendor: PHP
by: Unknown
CVSS: N/A
HIGH
Remote File Inclusion
CWE: 22
Product Name: PHP
Affected Version From: PHP4 and PHP5
Affected Version To:
Patch Exists: YES
Related CWE: CVE-2005-1921
CPE: cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
Metasploit:
https://www.rapid7.com/db/vulnerabilities/suse-cve-2005-2498/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-e65ad1bf-0d8b-11da-90d0-00304823c0d3/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2005-2498/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-523fad14-eb9d-11d9-a8bd-000cf18bbe54/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2005-1921/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2005-1921/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=18625
https://www.infosecmatter.com/nessus-plugin-library/?id=21841
https://www.infosecmatter.com/nessus-plugin-library/?id=18597
https://www.infosecmatter.com/nessus-plugin-library/?id=18648
https://www.infosecmatter.com/nessus-plugin-library/?id=18624
https://www.infosecmatter.com/nessus-plugin-library/?id=19532
https://www.infosecmatter.com/nessus-plugin-library/?id=20541
https://www.infosecmatter.com/nessus-plugin-library/?id=21379
https://www.infosecmatter.com/nessus-plugin-library/?id=18640
https://www.infosecmatter.com/nessus-plugin-library/?id=18662
Platforms Tested: Windows
2005
Multiple Remote File Inclusion Vulnerabilities in PHP4 and PHP5
The vulnerabilities in PHP4 and PHP5 allow remote attackers to carry out directory traversal attacks to disclose arbitrary files and to upload files to arbitrary locations. They can be exploited where user-supplied data is passed on without proper sanitization.
Mitigation:
To mitigate these vulnerabilities, sanitize and validate user-supplied data before using it in PHP scripts. Additionally, restrict file upload functionality to specific directories and file types.