CVE-2005-3388

MEDIUM severity · CVSS 4.3

4.3CVSS MEDIUM

Summary

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Impact & exploitability

Attack vectorNetwork

Attack complexity—

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impact—

Availability impactNone

Exploit probability (EPSS)63%

AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected products we track (1)

PHP

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://secunia.com/advisories/17371 ↗

Additional information

NVD record
http://secunia.com/advisories/17371Patch
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
http://rhn.redhat.com/errata/RHSA-2006-0549.html
http://secunia.com/advisories/17490
http://secunia.com/advisories/17510
http://secunia.com/advisories/17531
http://secunia.com/advisories/17557
http://secunia.com/advisories/17559