136 matches found
CVE-2008-0260
minimal Gallery 0.8 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
Information disclosure
TUTOS 1.3 allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function...
Information disclosure
OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
Information disclosure
GF-3XPLORER 2.4 allows remote attackers to obtain configuration information via a direct request to explorer/phpinfo.php, which calls the phpinfo function...
CVE-2007-6221
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
TuMusika Evolution 1.7R5 allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2003-1403
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2002-2289
The CVE concerns BadBlue 1.7.1 where soinfo.php calls the PHP phpinfo function, exposing sensitive information and potentially ODBC passwords. The root cause is the phpinfo output being exposed remotely, enabling information disclosure. Publicly documented details are limited to this information;...
CVE-2007-3525
Ripe Website Manager 0.8.9 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Information disclosure
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-3191
Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function...
CVE-2007-1287
CVE-2007-1287 describes a regression in PHP’s phpinfo output allowing cross-site scripting via unescaped GET/POST/COOKIE array values. Affects PHP 4.4.3–4.4.6 and PHP 6.0 in CVS; vulnerability stems from not escaping values in the phpinfo output, reusing the XSS issue originally addressed by CVE-...
MOPB-08-2007:PHP 4 phpinfo() XSS Vulnerability (Deja-vu)
Summary With PHP 4.4.3 a previously fixed bug that was disclosed at the end of October 2005 by the Hardened-PHP Project was reintroduced. Again phpinfo does not escape the content of user supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an XSS vulnerability...
CVE-2006-6998
install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...
CVE-2006-6998
install/loaderhelp.php in Headstart Solutions DeskPRO allows remote attackers to obtain configuration information via a q=phpinfo QUERYSTRING, which calls the phpinfo function...
CVE-2006-3882
Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function...
USN-320-1: PHP vulnerabilities
The phpinfo PHP function did not properly sanitize long strings. A remote attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo. Please note that it is not recommended to publicly expose phpinfo. CVE-2006-0996 An...
CVE-2006-3282
requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2006-3282
The CVE-2006-3282 entry affects Dating Agent PRO 4.7.1, where the file requirements.php can be accessed directly to invoke phpinfo. This allows remote attackers to obtain sensitive information through a direct request, constituting an information disclosure vulnerability. The NVD entry confirms a...
CVE-2006-3112
Chipmailer 1.09 allows remote attackers to obtain sensitive information via a direct request to php.php, which displays the output of the phpinfo function...