Arbitrary File Read Vulnerability in PHP File Upload Capability

Arbitrary File Read Vulnerability in PHP File Upload Capability

CVE-2000-0860 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Learn more about our Internal Network Penetration Testing.