Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP phpinfo()跨站脚本漏洞
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的phpinfo()函数可输出大量的有关PHP当前状态的信息,如PHP版本,服务器信息和环境等。 由于phpinfo()会向浏览器泄漏很多信息,因此不建议在生产服务器中存在执行phpinfo()的脚本。但实际上很多服务器中都运行有phpinfo()脚本。攻击者可以通过包含有栈数组分配的特制URL向phpinfo()输出中注入HTML代码,导致泄漏域cookies,如会话标识符。
CVSS Information
N/A
Vulnerability Type
N/A