CVE		CVE-2005-3390
Status		Candidate
Description		The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
Phase		Assigned (01.11.2005)
NVD:		http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3390
References		BID : 15250
		BUGTRAQ : 20051031 Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability
		CONFIRM : http://support.avaya.com/elmodocs2/security/ASA-20...
		CONFIRM : http://www.php.net/release_4_4_1.php
		FEDORA : FLSA:166943
		FRSIRT : ADV-2005-2254
		FRSIRT : ADV-2006-4320
		GENTOO : GLSA-200511-08
		HP : HPSBMA02159
		HP : SSRT061238
		MANDRIVA : MDKSA-2005:213
		MISC : http://www.hardened-php.net/advisory_202005.79.html
		MISC : http://www.hardened-php.net/globals-problem
		OPENPKG : OpenPKG-SA-2005.027
		REDHAT : RHSA-2005:831
		REDHAT : RHSA-2005:838
		REDHAT : RHSA-2006:0549
		SECTRACK : 1015129
		SECUNIA : 17371
		SECUNIA : 17490
		SECUNIA : 17510
		SECUNIA : 17531
		SECUNIA : 17557
		SECUNIA : 17559
		SECUNIA : 18054
		SECUNIA : 18198
		SECUNIA : 18669
		SECUNIA : 21252
		SECUNIA : 22691
		SUSE : SUSE-SA:2005:069
		SUSE : SUSE-SR:2005:026
		SUSE : SUSE-SR:2005:027
		UBUNTU : USN-232-1