CVE-2004-1020

Published: 10/01/2005 Updated: 11/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The addslashes function in PHP 4.3.9 does not properly escape a NULL (\0) character, which may allow remote malicious users to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Vulnerable Product

php php 4.3.7

php php 4.3.8

php php 5.0

php php 5.0.1

php php 5.0.2

php php 4.3.6

php php 4.3.9

php php 5.0.0

Exploits

source: www.securityfocus.com/bid/11981/info

PHP4 and PHP5 are reported prone to multiple remotely exploitable vulnerabilities. These issues result from insufficient sanitization of user-supplied data. A remote attacker may carry out directory traversal attacks to disclose arbitrary files and upload files to arbitrary locations. It is repor ...