CVE-2006-0996

Php - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Maksymilian Arciemowicz · textremotephp

https://www.exploit-db.com/exploits/27564

View Code ZIP pw:eip

References (34)

[Various Sources] http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c

[Patch] http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261

[Mailing List] http://marc.info/?l=php-cvs&m=114374620416389&w=2

[Vendor Advisory] http://secunia.com/advisories/19599

[Vendor Advisory] http://secunia.com/advisories/19775

[Vendor Advisory] http://secunia.com/advisories/19832

[Vendor Advisory] http://secunia.com/advisories/19979

[Vendor Advisory] http://secunia.com/advisories/20052

[Vendor Advisory] http://secunia.com/advisories/20210

[Vendor Advisory] http://secunia.com/advisories/20222

[Vendor Advisory] http://secunia.com/advisories/20951

[Vendor Advisory] http://secunia.com/advisories/21125

[Vendor Advisory] http://secunia.com/advisories/21252

[Vendor Advisory] http://secunia.com/advisories/21564

[Third Party Advisory, VDB Entry] http://www.osvdb.org/24484

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2006-0501.html

[Exploit] http://www.securityfocus.com/bid/17362

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25702

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0276.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2006-0549.html

... and 14 more

Scores

EPSS 0.1815

EPSS Percentile 95.1%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

php/php

php/php

Timeline

Published Apr 10, 2006

Tracked Since Feb 18, 2026