PT-2005-4189 · Php+1

Stefan Esser · Published 2005-11-01 · Updated 2024-06-15 · CVE-2005-3390

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 4.x up to 4.4.0
PHP versions 5.x up to 5.0.5

Description

The issue allows remote attackers to modify the GLOBALS array and bypass the security protections of PHP applications by sending a multipart/form-data POST request with a "GLOBALS" file upload field when register_globals is enabled.

Recommendations

For PHP versions 4.x up to 4.4.0 and 5.x up to 5.0.5, disable the register_globals setting to prevent exploitation. As a temporary workaround, consider restricting access to the RFC 1867 file upload feature until a patch is available.
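
A detection check for the request shape named in the description, as an added example that is not part of the original advisory or of PHP itself: it parses a multipart/form-data body and reports any part that uploads a file under the field name GLOBALS. The function name, boundary string and sample requests are constructed for illustration.

```python
from email.parser import BytesParser
from email.policy import HTTP


def globals_file_parts(content_type: str, body: bytes) -> list[str]:
    """Return the filenames of parts that upload a file under the field name GLOBALS."""
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    # Re-attach the request's Content-Type so the MIME parser can find the boundary.
    raw = b"Content-Type: " + content_type.encode("latin-1") + b"\r\n\r\n" + body
    message = BytesParser(policy=HTTP).parsebytes(raw)
    hits = []
    for part in message.iter_parts():  # yields nothing if the body is not valid multipart
        name = part.get_param("name", header="content-disposition")
        filename = part.get_param("filename", header="content-disposition")
        # A part is a file upload when it carries a filename parameter.
        if name == "GLOBALS" and filename is not None:
            hits.append(filename)
    return hits


# Constructed sample requests (not captured traffic).
CONTENT_TYPE = "multipart/form-data; boundary=sampleboundary"
FLAGGED_BODY = (
    b"--sampleboundary\r\n"
    b'Content-Disposition: form-data; name="comment"\r\n'
    b"\r\n"
    b"hello\r\n"
    b"--sampleboundary\r\n"
    b'Content-Disposition: form-data; name="GLOBALS"; filename="constructed.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"placeholder\r\n"
    b"--sampleboundary--\r\n"
)
BENIGN_BODY = (
    b"--sampleboundary\r\n"
    b'Content-Disposition: form-data; name="avatar"; filename="me.png"\r\n'
    b"Content-Type: image/png\r\n"
    b"\r\n"
    b"placeholder\r\n"
    b"--sampleboundary--\r\n"
)

if __name__ == "__main__":
    print(globals_file_parts(CONTENT_TYPE, FLAGGED_BODY))
    print(globals_file_parts(CONTENT_TYPE, BENIGN_BODY))
```

A check like this fits a reverse proxy or log-review script in front of hosts that still run an affected version with register_globals enabled.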

Related Identifiers

CVE-2005-3390
OPENSUSE-SU-2024:11167-1
OPENSUSE-SU-2024:11169-1
RHSA-2005:831
RHSA-2005_831

Affected Products

Php
Red Hat