vendor:
PHP
by:
Stefan Esser
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: PHP
Affected Version From: PHP 4
Affected Version To: PHP 4
Patch Exists: NO
Related CWE:
CPE: a:php:php:4
Platforms Tested:
2007
PHP 4 – phpinfo() XSS
The vulnerability allows remote attackers to inject arbitrary web script or HTML via a parameter in the phpinfo() page.
Mitigation:
Update to a newer version of PHP or apply a patch to fix the vulnerability.