Description
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Matthew Murphy · textwebappsphp
https://www.exploit-db.com/exploits/22725
References (4)
Core 4
Core References
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2003-06/0027.html
Third Party Advisory mailing-list
x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0021.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10355.php
Various Sources x_refsource_misc
http://www.techie.hopto.org/vulns/2002-36.txt
Scores
EPSS
0.0281
EPSS Percentile
86.2%
Details
Status
published
Products (1)
php/php
4.2.3
Published
Dec 31, 2002
Tracked Since
Feb 18, 2026