CVE-2004-0959

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.0.2 PHP versions 4.3.8 and prior

Description: The issue allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the $ FILES array to be modified. This may enable an attacker to upload arbitrary files to the remote server.

Recommendations: For PHP versions prior to 5.0.2, update to version 5.0.2 or later to resolve the issue. For PHP versions 4.3.8 and prior, consider upgrading to a newer version to mitigate the risk, as these versions are no longer supported. As a temporary workaround, consider restricting file upload capabilities until a patch is available.