PT-2002-1962 · Php · Php Address
Published: 2002-10-04 · Updated: 2008-09-05 · CVE-2002-0953
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
PHP Address versions prior to 0.2f
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter when the PHP allow_url_fopen and register_globals settings are enabled.
Recommendations:
For versions prior to 0.2f, consider disabling the register_globals setting and restricting the use of allow_url_fopen to minimize the risk of exploitation. Additionally, avoid using the LangCookie parameter in sensitive operations until the issue is resolved.
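A way to check a host against the recommendation above, as an added example that is not part of the original advisory or of PHP Address: it reads php.ini text and reports whether the two preconditions named in the description are in effect. The function names and the sample php.ini contents are constructed for illustration.

```python
# Added example: audit php.ini text for the two directives named in this advisory.
# PHP treats these ini values as boolean true (compared case-insensitively).
TRUE_VALUES = {"1", "on", "true", "yes"}

# PHP's built-in defaults when a directive is absent from php.ini:
# allow_url_fopen defaults to On; register_globals defaults to Off (PHP >= 4.2.0).
DEFAULTS = {"allow_url_fopen": True, "register_globals": False}


def effective_settings(ini_text):
    """Return {directive: bool} for the two directives; the last assignment wins."""
    settings = dict(DEFAULTS)
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                                  # blank line or [section] header
        key, value = (part.strip() for part in line.split("=", 1))
        if key in settings:                           # directive names are case sensitive
            settings[key] = value.strip("\"'").lower() in TRUE_VALUES
    return settings


def findings(ini_text):
    """List the advisory's preconditions that this php.ini leaves enabled."""
    s = effective_settings(ini_text)
    out = []
    if s["register_globals"]:
        out.append("register_globals is enabled")
    if s["allow_url_fopen"]:
        out.append("allow_url_fopen is enabled")
    if s["register_globals"] and s["allow_url_fopen"]:
        out.append("both preconditions of CVE-2002-0953 are met")
    return out


# Constructed sample inputs (not taken from a real host).
SAMPLE_WEAK = "[PHP]\nregister_globals = On\nallow_url_fopen = On\n"
SAMPLE_HARDENED = "[PHP]\nregister_globals = Off ; explicit\nallow_url_fopen = 0\n"

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, findings(text) or "no findings")
```

This check only sees php.ini; per-directory overrides such as Apache `php_flag` lines are not covered, so confirm the runtime values with `phpinfo()` or `php -i`.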
Affected Products
Php Address