National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:php:php:4.0:beta3
There are 386 matching records.
Displaying matches 381 through 386.
Vuln ID Summary CVSS Severity
CVE-2002-0253

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

Published: May 29, 2002; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2002-0229

Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.

Published: May 16, 2002; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2001-0108

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Published: March 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Published: January 12, 2001; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2000-0967

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Published: December 19, 2000; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2000-0860

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Published: November 14, 2000; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM