Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process memory by using the integer data type with crafted values, related to a "type confusion" vulnerability, as demonstrated by reading a private SSL key in an Apache HTTP Server web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 5.4.30之前的版本和5.5.14之前的5.5.x版本的ext/standard/info.c文件中的phpinfo实现过程存在安全漏洞,该漏洞源于程序没有正确设置PHP_AUTH_PW,PHP_AUTH_TYPE,PHP_AUTH_USER,PHP_SELF变量的字符串数据类型。攻
CVSS Information
N/A
Vulnerability Type
N/A