CVE-2003-0442

PHP < 4.3.2 - Cross-Site Scripting via PHPSESSID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0442. PoCs published by Sverre H. Huseby.

AI-analyzed exploit summary This is a writeup describing a cross-site scripting (XSS) vulnerability in PHP due to insufficient sanitization of the PHPSESSID URI parameter. The vulnerability allows arbitrary script execution in a victim's browser by embedding malicious code in the PHPSESSID parameter.

Description

Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sverre H. Huseby · textremotephp
https://www.exploit-db.com/exploits/22696

This is a writeup describing a cross-site scripting (XSS) vulnerability in PHP due to insufficient sanitization of the PHPSESSID URI parameter. The vulnerability allows arbitrary script execution in a victim's browser by embedding malicious code in the PHPSESSID parameter.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: PHP (versions affected by CVE-2003-0442)
No auth needed
Prerequisites: A vulnerable PHP application that uses PHPSESSID in the URI
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14
Core References
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:082
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1008653
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7761
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691
Exploit, Patch, Vendor Advisory x_refsource_misc
http://shh.thathost.com/secadv/2003-05-11-php.txt
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-351
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12259
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105760591228031&w=2
Various Sources vendor-advisory x_refsource_turbo
http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105449314612963&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4758
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-112.shtml
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-204.html

Scores

EPSS 0.0698
EPSS Percentile 93.4%

Details

Status published
Products (3)
php/php < 4.3.1
redhat/linux 8.0
redhat/linux 9.0
Published Jul 24, 2003
Tracked Since Feb 18, 2026