PT-2005-4189 · Php+1

Stefan Esser · Published 2005-11-01 · Updated 2024-06-15 · CVE-2005-3390

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 4.x up to 4.4.0
PHP versions 5.x up to 5.0.5

Description

The issue allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications. This is achieved via a multipart/form-data POST request with a "GLOBALS" file upload field when register_globals is enabled.

Recommendations

For PHP versions 4.x up to 4.4.0 and 5.x up to 5.0.5, disable the register_globals setting to prevent exploitation. As a temporary workaround, consider restricting access to the RFC1867 file upload feature until a patch is available.
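
As a detection aid for the request shape described above, the following added example (not part of the original advisory or of PHP) parses a multipart/form-data body and reports file upload parts whose field name is GLOBALS. The function names and the sample request are constructed for illustration, and treating array-style names such as GLOBALS[x] as a match is an assumption made to keep the check conservative.

```python
from email import message_from_bytes


def upload_field_names(content_type: str, body: bytes):
    """Yield the form field name of every file part in a multipart/form-data body."""
    # Reuse the stdlib MIME parser by prepending the request's Content-Type header.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/form-data" or not msg.is_multipart():
        return
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        filename = part.get_param("filename", header="content-disposition")
        # A part is a file upload (RFC 1867) when it carries a filename parameter.
        if isinstance(name, str) and filename is not None:
            yield name


def globals_upload_fields(content_type: str, body: bytes):
    """Return the file upload field names that target GLOBALS."""
    # Assumption: compare the base name before any '[' so GLOBALS[x] is also reported.
    return [n for n in upload_field_names(content_type, body)
            if n.strip().split("[", 1)[0] == "GLOBALS"]


def sample_body(field: str) -> bytes:
    """Constructed sample: one file part with the given field name, boundary 'b0'."""
    return (b"--b0\r\n"
            b'Content-Disposition: form-data; name="' + field.encode() +
            b'"; filename="a.txt"\r\n'
            b"Content-Type: text/plain\r\n\r\n"
            b"x\r\n"
            b"--b0--\r\n")


SAMPLE_CT = "multipart/form-data; boundary=b0"  # constructed sample header

if __name__ == "__main__":
    for field in ("avatar", "GLOBALS"):
        hits = globals_upload_fields(SAMPLE_CT, sample_body(field))
        print(field, "->", "ALERT" if hits else "ok", hits)
```

The check is scoped to file parts because that is the vector the description names; it complements, and does not replace, disabling register_globals.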


Related identifiers

CVE-2005-3390
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1
RHSA-2005:831
RHSA-2005_831

Affected products

Php
Red Hat