ID de Prueba:	1.3.6.1.4.1.25623.1.0.51838
Categoría:	CGI abuses
Título:	PHP Upload Arbitrary File Disclosure Vulnerability
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running a version of PHP older than 3.0.17 or 4.0.3. If a site is configured to allow users to upload files and then display their content, an attacker may be able to excercise a flaw to read arbitrary files from the remote system. Solution : Upgrade to PHP 3.0.17 or 4.0.3 or later. http://www.php.net/manual/language.variables.predefined.php Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 1649 Common Vulnerability Exposure (CVE) ID: CVE-2000-0860 http://www.securityfocus.com/bid/1649 Bugtraq: 20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html Bugtraq: 20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html XForce ISS Database: php-file-upload(5190) https://exchange.xforce.ibmcloud.com/vulnerabilities/5190
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.