CVE-2007-1287
published 2007-03-06
CVE-2007-1287: A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via…
Priority P418 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 3.17% (86.4th percentile)
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
| php | php | — | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
Red Hat
CVE-2007-1287: A regression error in the phpinfo function in PHP 4
vendor_redhat·CVSS 4.3
CVE-2007-1287 [MEDIUM] CVE-2007-1287: A regression error in the phpinfo function in PHP 4
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Statement: The phpinfo function should not be used in publicly-accessible PHP scripts.
GHSA
GHSA-q96v-4v8v-rmwm: A regression error in the phpinfo function in PHP 4
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1287 [MEDIUM] GHSA-q96v-4v8v-rmwm: A regression error in the phpinfo function in PHP 4
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
No detection rules found.
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://us2.php.net/releases/4_4_7.php
http://www.osvdb.org/32774
http://www.php-security.org/MOPB/MOPB-08-2007.html
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
2007-03-06
Published