CVE-2005-3388
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2005-3388
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP phpinfo()跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的phpinfo()函数可输出大量的有关PHP当前状态的信息,如PHP版本,服务器信息和环境等。 由于phpinfo()会向浏览器泄漏很多信息,因此不建议在生产服务器中存在执行phpinfo()的脚本。但实际上很多服务器中都运行有phpinfo()脚本。攻击者可以通过包含有栈数组分配的特制URL向phpinfo()输出中注入HTML代码,导致泄漏域cookies,如会话标识符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2005-3388
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2005-3388
请登录查看更多情报信息。
- http://www.php.net/release_4_4_1.phpx_refsource_CONFIRM
- http://www.hardened-php.net/advisory_182005.77.htmlx_refsource_MISC
- http://support.avaya.com/elmodocs2/security/ASA-2006-037.htmx_refsource_CONFIRM
- http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.htmlvendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PIRZJHM6UDNWNHZ3PCMEZ2YUK3CWY2UE/vendor-advisoryx_refsource_FEDORA
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10542vdb-entrysignaturex_refsource_OVAL
- https://nvd.nist.gov/vuln/detail/CVE-2005-3388
Same Patch Batch · n/a · 2005-11-01 · 44 CVEs total
| CVE-2005-3401 | TheHacker病毒扫描绕过漏洞 | |
| CVE-2005-3404 | ATutor多个PHP文件包含漏洞 | |
| CVE-2005-3403 | ATutor多个跨站脚本漏洞 | |
| CVE-2005-3405 | Atutor执行任意PHP函数漏洞 | |
| CVE-2005-3408 | Greg GCards News.PHP SQL注入漏洞 | |
| CVE-2005-2977 | PAM Unix_Chkpwd暴力密码破解漏洞 | |
| CVE-2005-3387 | Ntop ntop.init不安全临时文件创建漏洞 | |
| CVE-2005-3389 | PHP parse_str()函数激活register_globals变量漏洞 | |
| CVE-2005-3390 | PHP文件上传$GLOBALS变量覆盖漏洞 | |
| CVE-2005-3407 | PHPESP SQL注入漏洞 | |
| CVE-2005-3402 | Mozilla Thunderbird不安全SMTP认证协议协商漏洞 | |
| CVE-2005-3400 | Fortinet病毒扫描绕过漏洞 | |
| CVE-2005-3399 | CAT-QuickHeal病毒扫描绕过漏洞 | |
| CVE-2005-3398 | Sun Solaris管理控制台HTTP TRACE信息泄露漏洞 | |
| CVE-2005-3397 | Comersus BackOffice comersus_backoffice_supportError.asp跨站脚本攻击(XSS)漏洞 | |
| CVE-2005-3396 | IBM AIX chcons命令本地溢出漏洞 | |
| CVE-2005-3395 | Invision Gallery Index.PHP SQL注入漏洞 | |
| CVE-2005-3394 | OaBoard Forum.PHP多个SQL注入漏洞 | |
| CVE-2005-3393 | OpenVPN客户端远程格式串处理漏洞 | |
| CVE-2005-3392 | PHP Apache 2 Virtual() Safe_Mode和Open_Basedir限制绕过漏洞 |
Showing top 20 of 44 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2005-3388
No comments yet