← volver
CVE-2006-0996

CVE-2006-0996

EPSS 10.8%
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/27564no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.chttp://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261http://marc.info/?l=php-cvs&m=114374620416389&w=2http://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0549.htmlhttp://secunia.com/advisories/19599http://secunia.com/advisories/19775http://secunia.com/advisories/19832http://secunia.com/advisories/19979http://secunia.com/advisories/20052http://secunia.com/advisories/20210