PT-2002-1967 · Php · Php
Published
2002-10-04
·
Updated
2008-09-05
·
CVE-2002-0958
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
PHP(Reactor) version 1.2.7
Description:
The issue allows remote attackers to execute scripts as other users. This is achieved via the
go parameter in the comments section of the browse.php file.Recommendations:
For PHP(Reactor) version 1.2.7, consider restricting access to the
browse.php file or disabling the comments section until a patch is available. Avoid using the go parameter in the comments section to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Php