[MBT] new ticket for pkg php "Arbitary script insertion possible (CAN-2003-0442)"
bugs at pld-linux.org
bugs at pld-linux.org
Wed Oct 1 14:47:18 CEST 2003
Date: 2003-10-01 14:47:18+02 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Arbitary script insertion possible (CAN-2003-0442)
Ticket ID: #747
Ticket URL: http://bugs.pld-linux.org/?bug=747
Package: php-3:4.2.3-9
Distribution: PLD-1.0.updates.security
Category: security problem
Current state: opened
Text:
CAN-2003-0442:
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
More information about the pld-bugs
mailing list