PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access

Medium Nessus Plugin ID 10513


Arbitrary files may be read on the remote host.


A version of PHP that is older than 3.0.17 or 4.0.3 is running on this host.

If a PHP service that allows users to upload files and then display their content is running on this host, an attacker may be able to read arbitrary files from the server.


Upgrade to PHP 3.0.17 or 4.0.3.

See Also

Plugin Details

Severity: Medium

ID: 10513

File Name: php_file_upload.nasl

Version: $Revision: 1.27 $

Type: remote

Family: Web Servers

Published: 2000/09/12

Modified: 2016/11/23

Dependencies: 10107, 17975

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:php:php

Vulnerability Publication Date: 2000/09/03

Reference Information

CVE: CVE-2000-0860

BID: 1649

OSVDB: 412