CVE-2005-3388
Published 2005-11-01
Priority P429 medium 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 48.89% (98.7th percentile)
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Affected
39 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
Detection & IOCs
- Look for GET/POST/COOKIE parameters targeting phpinfo() scripts using stacked array assignment syntax (e.g., GLOBALS[key]=<payload>) in HTTP requests, which is the attack vector for this XSS vulnerability.
- Monitor for XSS payloads (e.g., alert(document.cookie)) delivered via query string array parameters to phpinfo() endpoints, which may be used to steal cookie-based authentication credentials.
- The regression CVE-2007-1287 shows the same attack surface extends to GET, POST, or COOKIE array values not escaped in phpinfo output; monitor all three input channels for unsanitized array values reaching phpinfo().
- The phpinfo() function should never be exposed in publicly accessible PHP scripts, as it is the root attack surface for this vulnerability.
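One way to implement the log check these bullets describe, as an added example that is not taken from the page's sources: it flags requests to phpinfo() scripts whose array-style parameters decode to HTML metacharacters. `PHPINFO_PATHS`, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: paths from your own inventory that are known to call phpinfo().
PHPINFO_PATHS = {"/phpinfo.php", "/info.php"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ARRAY_KEY_RE = re.compile(r"^[^\[\]]+(?:\[[^\[\]]*\])+$")  # name[k], name[], name[][]
MARKUP_RE = re.compile(r"[<>\"']")  # characters escaped output would neutralise

# Constructed sample access-log lines (not taken from the page's sources).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Nov/2005:10:00:00 +0000] "GET /phpinfo.php?GLOBALS[test]='
    '%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 41234',
    '198.51.100.8 - - [01/Nov/2005:10:00:05 +0000] "GET /info.php?a%5B%5D%5B%5D='
    '%3Cb%3Ex HTTP/1.1" 200 40111',
    '198.51.100.9 - - [01/Nov/2005:10:00:12 +0000] "GET /phpinfo.php?f[section]=modules'
    ' HTTP/1.1" 200 40990',
    '198.51.100.4 - - [01/Nov/2005:10:00:20 +0000] "GET /search.php?tags[]=%3Cb%3E'
    ' HTTP/1.1" 200 5120',
]


def suspicious_pairs(pairs):
    """Channel-agnostic check: pass decoded GET, POST or COOKIE (name, value) pairs."""
    return [(k, v) for k, v in pairs if ARRAY_KEY_RE.match(k) and MARKUP_RE.search(v)]


def scan_line(line):
    """Return flagged (name, value) pairs for one access-log line, else []."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if url.path.lower() not in PHPINFO_PATHS:
        return []
    # parse_qsl percent-decodes names and values, so encoded brackets and tags match.
    return suspicious_pairs(parse_qsl(url.query, keep_blank_values=True))


def scan_log(lines):
    """Return [(line_number, findings)] for every line with at least one finding."""
    hits = [(n, scan_line(line)) for n, line in enumerate(lines, 1)]
    return [(n, found) for n, found in hits if found]


if __name__ == "__main__":
    for n, found in scan_log(SAMPLE_LOG):
        print(f"line {n}: {found}")
```

Access logs normally record only the query string, so POST bodies and cookies have to be passed to `suspicious_pairs` from a source that captures them, such as a WAF or reverse-proxy log.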
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 MEDIUM
vendor_ubuntu · 2.1 LOW
GHSA
GHSA-2xwg-9gx4-w8wf: Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4
ghsa_unreviewed·2022-05-01
CVE-2005-3388 [MEDIUM] GHSA-2xwg-9gx4-w8wf: Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
GHSA
GHSA-q96v-4v8v-rmwm: A regression error in the phpinfo function in PHP 4
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1287 [MEDIUM] GHSA-q96v-4v8v-rmwm: A regression error in the phpinfo function in PHP 4
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2005-12-23·CVSS 2.1
CVE-2005-3319 [LOW] PHP vulnerabilities
Eric Romang discovered a local Denial of Service vulnerability in the
handling of the 'session.save_path' parameter in PHP's Apache 2.0
module. By setting this parameter to an invalid value in an .htaccess
file, a local user could crash the Apache server. (CVE-2005-3319)
A Denial of Service flaw was found in the EXIF module. By sending an
image with specially crafted EXIF data to a PHP program that
automatically evaluates them (e.g. a web gallery), a remote attacker
could cause an infinite recursion in the PHP interpreter, which caused
the web server to crash. (CVE-2005-3353)
Stefan Esser reported a Cross Site Scripting vulnerability in the
phpinfo() function. By tricking a user into retrieving a specially
crafted URL to a PHP pa
Red Hat
security flaw
vendor_redhat·2005-10-31·CVSS 4.3
CVE-2005-3388 [MEDIUM] security flaw
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Red Hat
CVE-2007-1287: A regression error in the phpinfo function in PHP 4
vendor_redhat·CVSS 4.3
CVE-2007-1287 [MEDIUM] CVE-2007-1287: A regression error in the phpinfo function in PHP 4
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Statement: The phpinfo function should not be used in publicly accessible PHP scripts.
Bugzilla
CVE-2005-3388 security flaw
bugzilla·2018-08-16·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Bugzilla
CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
bugzilla·2006-06-19·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
Several security issues were found in the PHP package in Stronghold 4.0:
The wordwrap() PHP function did not properly check for integer overflow in
the way the "break" parameter was handled. An attacker who could control a
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)
The phpinfo() PHP function did not properly sanitize long strings. This
could allow an attacker to perform cross-site scripting attacks against
sites that had publicly-available PHP scripts that called phpinfo().
(CVE-2006-0996)
A flaw in the way PHP registered global variables during a file upload
request was discovered. A remote attacker could submit a carefully crafted
multipart/form-data POST request tha
Bugzilla
CVE-2005-3388 PHP phpinfo() XSS attack
bugzilla·2005-11-25·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 PHP phpinfo() XSS attack
tracking bug
+++ This bug was initially created as a clone of Bug #172212 +++
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
http://www.hardened-php.net/advisory_182005.77.html
This issue should also affect FC3
Discussion:
Fixed in Raw Hide with update to 5.1.1.
Bugzilla
CVE-2005-3388 PHP phpinfo() XSS attack
bugzilla·2005-11-01·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 PHP phpinfo() XSS attack
+++ This bug was initially created as a clone of Bug #172212 +++
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
http://www.hardened-php.net/advisory_182005.77.html
This issue should also affect FC3
Discussion:
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
---
FEDORA-2020-fb144e7de5 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5
---
FEDORA-2020-fb144e7de5 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enabl
Bugzilla
CVE-2005-3388 PHP phpinfo() XSS attack
bugzilla·2005-11-01·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 PHP phpinfo() XSS attack
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
http://www.hardened-php.net/advisory_182005.77.html
This issue should also affect RHEL2.1 and RHEL3
Discussion:
A POC for this issue has been posted to full-disclosure:
http://marc.theaimsgroup.com/?l=full-disclosure&m=113110346903765&w=2
phpinfo.php?GLOBALS[test]=alert(document.cookie);
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
plea
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
- http://rhn.redhat.com/errata/RHSA-2006-0549.html
- http://secunia.com/advisories/17371
- http://secunia.com/advisories/17490
- http://secunia.com/advisories/17510
- http://secunia.com/advisories/17531
- http://secunia.com/advisories/17557
- http://secunia.com/advisories/17559
- http://secunia.com/advisories/18198
- http://secunia.com/advisories/18669
- http://secunia.com/advisories/21252
- http://secunia.com/advisories/22691
- http://securityreason.com/securityalert/133
- http://securitytracker.com/id?1015130
- http://support.avaya.com/elmodocs2/security/ASA-2006-037.htm
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
- http://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
- http://www.hardened-php.net/advisory_182005.77.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
- http://www.novell.com/linux/security/advisories/2005_27_sr.html
- http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
- http://www.php.net/release_4_4_1.php
- http://www.redhat.com/support/errata/RHSA-2005-831.html
- http://www.redhat.com/support/errata/RHSA-2005-838.html
- http://www.securityfocus.com/archive/1/415292
- http://www.securityfocus.com/bid/15248
- http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
- http://www.vupen.com/english/advisories/2005/2254
- http://www.vupen.com/english/advisories/2006/4320
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542
- https://www.ubuntu.com/usn/usn-232-1/