NVD

Id
71421  
Name
CVE-2004-1020  
Description
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-07-18  
Published
2005-01-10  
Modified Date
2017-07-10  
Seq
2004-1020  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
369291 71421 CVE-2004-1020 CLA-2005:915  View
369292 71421 CVE-2004-1020 GLSA-200412-14  View
369293 71421 CVE-2004-1020 MDKSA-2004:151  View
369294 71421 CVE-2004-1020 http://www.php.net/release_4_3_10.php  View
369295 71421 CVE-2004-1020 HPSBMA01212  View
369296 71421 CVE-2004-1020 20041216 PHP Input Validation Vulnerabilities  View
369297 71421 CVE-2004-1020 11981  View
369298 71421 CVE-2004-1020 php-addslashes-view-files(18516)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
63198 JVNDB-2004-000540 PHP の addslashes() 関数における不適切な終端文字のエスケープ処理の脆弱性 ------------ CVE-2004-1020 9447 CVE-2004-1020 71421 5 http://jvndb.jvn.jp/ja/contents/2004/JVNDB-2004-000540.html 2004-12-15 2007-04-01 View