icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

PHP 4.x < 4.4.0 / 5.x < 5.0.6 GLOBAL Variable Overwrite

Medium

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host is running a version of PHP that is older than 4.4.0 or 5.0.6. This version has a flaw where remote attackers can reenable the 'register_globals' parameter. In addition, a remote attacker may be able to overwrite the 'GLOBAL' variable. This may lead to another more serious exploitation.

Solution

Upgrade to version 5.0.6 or higher.