漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.
漏洞信息
N/A
漏洞
N/A
漏洞
PHP import_request_variables()函数任意变量覆盖漏洞
漏洞信息
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的import_request_variables()函数实现上存在漏洞,远程攻击者可能利用此漏洞控制服务器。 远程攻击者可以利用PHP的import_request_variables()函数覆盖$_*和$*变量(任意php变量),导致执行任意代码。有漏洞代码位于以下文件中: ./ext/standard/basic_functions.c:PHP_FUNCTION(import_request_variables)
漏洞信息
N/A
漏洞
N/A