CVE-2007-1287 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1287
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1287

Description: A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.

CVE Status: Candidate

References: SAID Secunia Advisory: SA26235 OSVDB 32774 MISC http://www.php-security.org/MOPB/MOPB-08-2007.html CONFIRM http://us2.php.net/releases/4_4_7.php http://docs.info.apple.com/article.html?artnum=306172 BID 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Return to the previous page.