A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote malicious users to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php php 4.4.6 |
||
php php 6.0 |
||
php php 4.4.4 |
||
php php 4.4.5 |