PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote malicious users to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server 2.0.28 |