CVE-2002-1954

NameCVE-2002-1954
DescriptionCross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesCVE-2005-3388
Debian Bugs336654

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php4source(unstable)(not affected)
php5source(unstable)5.1.1-1low336654

Notes

According to https://bugs.php.net/bug.php?id=19881 this only affects a
php function that displays the PHP logo and version information. In the bug
log the developers seem unwilling to fix this, as it only affects a debug
function.
can not reproduce in any versions of php4 in the archive.
- php4 <not-affected> (bug #349260; low)

Search for package or bug name: Reporting problems