CVE-2007-1287 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2007-1287
Status Candidate
Description A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388.
Severity Low
CVSS score 1,9
CVSS vector (AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)
Phase Assigned (06.03.2007)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1287
References CONFIRM : http://us2.php.net/releases/4_4_7.php
MISC : http://www.php-security.org/MOPB/MOPB-08-2007.html
OSVDB : 32774
SecurityVulns: Multiple PHP bugs

test server