Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Php
  • Php

Configuration 1 [-]

OR cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261 Patch
http://marc.info/?l=php-cvs&m=114374620416389&w=2
http://rhn.redhat.com/errata/RHSA-2006-0276.html
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/19599 Vendor Advisory
http://secunia.com/advisories/19775 Vendor Advisory
http://secunia.com/advisories/19832 Vendor Advisory
http://secunia.com/advisories/19979 Vendor Advisory
http://secunia.com/advisories/20052 Vendor Advisory
http://secunia.com/advisories/20210 Vendor Advisory
http://secunia.com/advisories/20222 Vendor Advisory
http://secunia.com/advisories/20951 Vendor Advisory
http://secunia.com/advisories/21125 Vendor Advisory
http://secunia.com/advisories/21252 Vendor Advisory
http://secunia.com/advisories/21564 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200605-08.xml
http://securityreason.com/achievement_securityalert/34
http://securityreason.com/securityalert/675
http://securitytracker.com/id?1015879
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2006:074
http://www.novell.com/linux/security/advisories/05-05-2006.html
http://www.osvdb.org/24484
http://www.php.net/ChangeLog-4.php#4.4.3
http://www.redhat.com/support/errata/RHSA-2006-0501.html
http://www.securityfocus.com/bid/17362 Exploit
http://www.ubuntu.com/usn/usn-320-1
http://www.vupen.com/english/advisories/2006/1290
http://www.vupen.com/english/advisories/2006/2685
https://exchange.xforce.ibmcloud.com/vulnerabilities/25702
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10997
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-10T18:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2006-03-06T00:00:00

Link: CVE-2006-0996

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-04-10T18:06:00.000

Modified: 2017-10-11T01:30:40.420

Link: CVE-2006-0996

JSON object: View

cve-icon Redhat Information

No data.

CWE