|
|
CVE Reference: CVE-2007-1287 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-1287 |
|
|
Description: A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA26235 OSVDB 32774 MISC http://www.php-security.org/MOPB/MOPB-08-2007.html CONFIRM http://us2.php.net/releases/4_4_7.php http://docs.info.apple.com/article.html?artnum=306172 BID 25159 APPLE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html |
|
| Return to the previous page. |
