Unrated severityNVD Advisory· Published Nov 14, 2000· Updated Apr 16, 2026
CVE-2000-0860
CVE-2000-0860
Description
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
Affected products
18cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.securityfocus.com/bid/1649nvdExploitVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2000-08/0455.htmlnvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2000-08/0477.htmlnvd
- archives.neohapsis.com/archives/bugtraq/2000-09/0150.htmlnvd
- cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diffnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/5190nvd
News mentions
0No linked articles in our index yet.