PHP.Strip.Tags.Function.Bypass.Vuln

Release Date

Mar 17, 2010

Severity

high

Impact

Attackers can create cross-site scripting issues or execute arbitrary code.

Description

PHP is a scripting language which acts as a module for Apache or as a standalone interpreter.

One of the vulnerabilities can be exploited to execute arbitrary code on the remote host if the option memory_limit is set.

Another bug may allow an attacker to bypass content-restrictions in the function strip_tags() under certain conditions such as when register_globals is enabled.

These vulnerabilities have been confirmed in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3.

Some older versions may also be affected.

Affected Products

Recommended Actions

Upgrade to the latest version.

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2004-0594
CVE-2004-0595

Reference/s

http://www.securityfocus.com/bid/10724 (BugTraq)

Reference: VID-18302