DescriptionCross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs336654

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)(not affected)


According to this only affects a
php function that displays the PHP logo and version information. In the bug
log the developers seem unwilling to fix this, as it only affects a debug
can not reproduce in any versions of php4 in the archive.
- php4 <not-affected> (bug #349260; low)

Search for package or bug name: Reporting problems