cbcvebase.
CVE-2005-3388
published 2005-11-01

Priority: P4 · 29 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N / AC:M / Au:N / C:N / I:P / A:N
EXPLOIT
EPSS: 48.89% (98.7th percentile)
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Affected

39 ranges · showing 25
Vendor: php · Product: php (25 of the 39 version ranges are listed; the version range and fixed-in values are blank in this record)

Detection & IOCs (extracted from sources)

URL: http://www.example.com/phpinfo.php?GLOBALS[test]=alert(document.cookie);
  • Look for GET/POST/COOKIE parameters targeting phpinfo() scripts using stacked array assignment syntax (e.g., GLOBALS[key]=<payload>) in HTTP requests, which is the attack vector for this XSS vulnerability.
  • Monitor for XSS payloads (e.g., alert(document.cookie)) delivered via query string array parameters to phpinfo() endpoints, which may be used to steal cookie-based authentication credentials.
  • The regression CVE-2007-1287 shows the same attack surface extends to GET, POST, or COOKIE array values not escaped in phpinfo output — monitor all three input channels for unsanitized array values reaching phpinfo().
  • The phpinfo() function should never be exposed in publicly accessible PHP scripts, as it is the root attack surface for this vulnerability.
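As an added defender-side example (not part of this record), the following Python scanner applies the first two detection notes above to web-server access logs: it flags any request to a phpinfo() endpoint whose query string carries an array-assignment parameter name such as GLOBALS[key], decoding percent-encoding first so an encoded payload is not missed, and notes plain phpinfo() requests at low severity because the endpoint should not be reachable at all. The log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Nov/2005:10:00:01 +0000] "GET /phpinfo.php HTTP/1.1" 200 5120 "-" "curl/7.15"
203.0.113.7 - - [01/Nov/2005:10:00:02 +0000] "GET /phpinfo.php?GLOBALS[test]=alert(document.cookie); HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Nov/2005:10:00:03 +0000] "GET /info/phpinfo.php?GLOBALS%5Bx%5D=%3Cscript%3E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Nov/2005:10:00:04 +0000] "GET /index.php?items[0]=1 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
PHPINFO_PATH_RE = re.compile(r'phpinfo', re.IGNORECASE)
# "Stacked array assignment": a parameter name of the form name[key] or name[].
ARRAY_PARAM_RE = re.compile(r'^[A-Za-z_]\w*\[[^\]]*\]')

def scan_line(line):
    """Return a finding dict for one log line, or None if it is out of scope."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    client = line.split(' ', 1)[0]
    parts = urlsplit(m.group('target'))
    if not PHPINFO_PATH_RE.search(parts.path):
        return None                       # only phpinfo() endpoints matter here
    # Decode each pair separately so a percent-encoded "[" / "]" is still caught.
    for pair in filter(None, parts.query.split('&')):
        name, _, value = unquote(pair).partition('=')
        if ARRAY_PARAM_RE.match(name):
            return {'client': client, 'severity': 'high', 'param': name,
                    'value': value, 'reason': 'array-assignment parameter sent to phpinfo()'}
    # A plain request is still notable: phpinfo() should not be publicly reachable.
    return {'client': client, 'severity': 'low', 'param': None, 'value': None,
            'reason': 'phpinfo() endpoint requested'}

def scan_log(text):
    """Scan a whole log; returns the findings in log order."""
    return [f for f in map(scan_line, text.splitlines()) if f]

if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:<4} {f['client']:<13} {f['reason']} {f['param'] or ''}")
```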

CVSS provenance

nvd (CVSS v2.0): 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat: 4.3 MEDIUM
vendor_ubuntu: 2.1 LOW