Red Hat Bugzilla – Bug 172208
CVE-2005-3390 PHP register globals arbitrary code execution
Last modified: 2007-11-30 17:11:16 EST
+++ This bug was initially created as a clone of Bug #172207 +++
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
when register_globals is enabled, allows remote attackers to modify the
GLOBALS array and bypass security protections of PHP applications via a
multipart/form-data POST request with a "GLOBALS" fileupload field.
This issue should also affect FC3
*** Bug 172200 has been marked as a duplicate of this bug. ***
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.