CVE-2006-0996
CVE-2006-0996
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 1
exploitdbwww.exploit-db.com/exploits/27564não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.chttp://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261http://marc.info/?l=php-cvs&m=114374620416389&w=2http://rhn.redhat.com/errata/RHSA-2006-0276.htmlhttp://rhn.redhat.com/errata/RHSA-2006-0549.htmlhttp://secunia.com/advisories/19599http://secunia.com/advisories/19775http://secunia.com/advisories/19832http://secunia.com/advisories/19979http://secunia.com/advisories/20052http://secunia.com/advisories/20210