CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0097
https://notcve.org/view.php?id=CVE-2003-0097
03 Mar 2003 — Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect). • http://marc.info/?l=bugtraq&m=104550977011668&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2002-1396
https://notcve.org/view.php?id=CVE-2002-1396
17 Jan 2003 — Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code. Desbordamiento de búfer basado en la pila en la función wordwrap en PHP posteriores a 4.1.2 y anteriores a 4.3.0 puede permitir a atacantes causar una denegación de servicio o ejecutar código arbitrario. • http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2002-2214
https://notcve.org/view.php?id=CVE-2002-2214
31 Dec 2002 — The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header. • http://bugs.php.net/bug.php?id=15595 •
CVSS: 7.8EPSS: 12%CPEs: 38EXPL: 2CVE-2002-2309 – PHP Interpreter 3.0.x/4.0.x/4.1/4.2 - Direct Invocation Denial of Service
https://notcve.org/view.php?id=CVE-2002-2309
31 Dec 2002 — php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments. • https://www.exploit-db.com/exploits/21632 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 2CVE-2002-2215
https://notcve.org/view.php?id=CVE-2002-2215
31 Dec 2002 — The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function. • http://bugs.php.net/bug.php?id=19280 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2002-1954 – PHP 4 - 'PHPInfo()' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-1954
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. • https://www.exploit-db.com/exploits/22725 •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 0CVE-2002-1783
https://notcve.org/view.php?id=CVE-2002-1783
31 Dec 2002 — CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0086.html •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2002-0985
https://notcve.org/view.php?id=CVE-2002-0985
24 Sep 2002 — Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 5.3EPSS: 5%CPEs: 18EXPL: 0CVE-2002-0986
https://notcve.org/view.php?id=CVE-2002-0986
24 Sep 2002 — The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy." • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 1CVE-2002-0484 – PHP 3.0.x/4.x - Move_Uploaded_File open_basedir Circumvention
https://notcve.org/view.php?id=CVE-2002-0484
12 Aug 2002 — move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. • https://www.exploit-db.com/exploits/21347 •