PHP : HTML code injection prevention - suspicious GLOBALS variable
Description
On some servers running PHP scripts with a specific configuration, use of the GLOBALS[] array with a vulnerable parameter might allow a malicious user to inject HTML code.
Default configuration
Profiles      High    Medium  Low     Internet
Action        Block   Block   Block   Block
Alarm Level   Major   Minor   Minor   Major
References
Available since
ASQ v3.2.0
Protects
Dolphin "eval()" PHP Code Execution Vulnerability
GNUBoard "g4_path" File Inclusion Vulnerability
NetCat "search_query" PHP Code Execution Vulnerability
TYPO3 Code Execution and Multiple Cross Site Scripting Vulnerabilities
TYPO3 Code Execution and Cross Site Scripting Vulnerabilities
PHPope Multiple Parameter Remote File Inclusion Vulnerabilities
100 last CVE
CVE-2009-4472
CVE-2009-0290
Risk level
Moderate