National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:php:php:4.0.5:rc8
There are 403 matching records.
Displaying matches 401 through 403.
Vuln ID Summary CVSS Severity
CVE-2002-0121

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Published: March 25, 2002; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2001-1247

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Published: December 06, 2001; 12:00:00 AM -05:00
V2: 6.4 MEDIUM
CVE-2001-1246

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Published: June 30, 2001; 12:00:00 AM -04:00
V2: 7.5 HIGH