CVE-2004-0595

PHP 4.x-5.0.0RC3 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0595. PoCs published by Stefan Esser.

AI-analyzed exploit summary This is a writeup describing a vulnerability in PHP's strip_tags() function that allows bypassing input sanitization, leading to XSS or HTML injection. The issue arises when malformed tags like <\0script> are used and magic_quotes_gpc is disabled.

Description

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Stefan Esser · textremotephp

https://www.exploit-db.com/exploits/24280

View Code ZIP pw:eip

This is a writeup describing a vulnerability in PHP's strip_tags() function that allows bypassing input sanitization, leading to XSS or HTML injection. The issue arises when malformed tags like <\0script> are used and magic_quotes_gpc is disabled.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHP (versions affected in 2004)

No auth needed

Prerequisites: magic_quotes_gpc must be off · Target application must use strip_tags() for input sanitization

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10724

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108981780109154&w=2

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=109181600614477&w=2

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109051444105182&w=2

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000847

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108982983426031&w=2

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2005/dsa-669

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10619

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-395.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-405.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-392.html

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-531

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2004_21_php4.html

Various Sources vendor-advisory x_refsource_mandrake

http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:068

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16692

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-816.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200407-13.xml

Mailing List mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023909.html

Scores

EPSS 0.4516

EPSS Percentile 98.6%

Details

Status published

Products (36)

avaya/converged_communications_server 2.0

avaya/integrated_management

avaya/s8300 r2.0.0

avaya/s8300 r2.0.1

avaya/s8500 r2.0.0

avaya/s8500 r2.0.1

avaya/s8700 r2.0.0

avaya/s8700 r2.0.1

php/php 4.0

php/php 4.0.1

... and 26 more

Published Jul 27, 2004

Tracked Since Feb 18, 2026