Test ID:	1.3.6.1.4.1.25623.1.0.51838
Category:	CGI abuses
Title:	PHP Upload Arbitrary File Disclosure Vulnerability
Summary:	NOSUMMARY
Description:	Description: The remote host is running a version of PHP older than 3.0.17 or 4.0.3. If a site is configured to allow users to upload files and then display their content, an attacker may be able to excercise a flaw to read arbitrary files from the remote system. Solution : Upgrade to PHP 3.0.17 or 4.0.3 or later. http://www.php.net/manual/language.variables.predefined.php Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	BugTraq ID: 1649 Common Vulnerability Exposure (CVE) ID: CVE-2000-0860 http://www.securityfocus.com/bid/1649 Bugtraq: 20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html Bugtraq: 20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html XForce ISS Database: php-file-upload(5190) https://exchange.xforce.ibmcloud.com/vulnerabilities/5190
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.