PT-2000-1783 · Php · Php

Published: 2000-01-04 · Updated: 2017-10-10 · CVE-2000-0860

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions 3 and 4

PHP version 3.0.X

Description

The issue affects PHP's file upload capability, allowing remote attackers to read arbitrary files by manipulating hidden form fields. Additionally, PHP does not perform proper bounds checking on functions related to form-based file uploads, which can lead to buffer overruns and execution of arbitrary instructions. The vulnerability also exists in the error logging code, where a malicious user can craft a string with malicious format specifiers to gain remote access. Furthermore, PHP's handling of uploads can be manipulated to open arbitrary files on the server, and under certain versions, the popen() command can be exploited in 'safe mode'.

Recommendations

For PHP versions 3 and 4, consider disabling the file upload capability until a patch is available. For PHP version 3.0.X, restrict access to the vulnerable functions related to form-based file uploads to minimize the risk of exploitation. As a temporary workaround, consider disabling error logging or modifying the "php.ini" configuration file to prevent the PHP syslog() function from interpreting malicious format specifiers. Avoid using the popen() command in 'safe mode' until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

CVE-2000-0860

Affected Products

Php