QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-0996

Back to search

CVE-2006-0996

Published: Apr 10, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

VendorProductVersions

n/a

n/a

affected
n/a

References

675
third-party-advisory
x_refsource_SREASON
19775
third-party-advisory
x_refsource_SECUNIA
21252
third-party-advisory
x_refsource_SECUNIA
24484
vdb-entry
x_refsource_OSVDB
20222
third-party-advisory
x_refsource_SECUNIA
20210
third-party-advisory
x_refsource_SECUNIA
17362
vdb-entry
x_refsource_BID
RHSA-2006:0276
vendor-advisory
x_refsource_REDHAT
GLSA-200605-08
vendor-advisory
x_refsource_GENTOO
ADV-2006-1290
vdb-entry
x_refsource_VUPEN
USN-320-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2006:0501
vendor-advisory
x_refsource_REDHAT
1015879
vdb-entry
x_refsource_SECTRACK
20060408 phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2
third-party-advisory
x_refsource_SREASONRES
19979
third-party-advisory
x_refsource_SECUNIA
RHSA-2006:0549
vendor-advisory
x_refsource_REDHAT
20951
third-party-advisory
x_refsource_SECUNIA
21125
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10997
vdb-entry
signature
x_refsource_OVAL
19599
third-party-advisory
x_refsource_SECUNIA
MDKSA-2006:074
vendor-advisory
x_refsource_MANDRIVA
19832
third-party-advisory
x_refsource_SECUNIA
20052
third-party-advisory
x_refsource_SECUNIA
21564
third-party-advisory
x_refsource_SECUNIA
php-phpinfo-long-array-xss(25702)
vdb-entry
x_refsource_XF
ADV-2006-2685
vdb-entry
x_refsource_VUPEN
SUSE-SA:2006:024
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now