Red Hat Bugzilla – Bug 174169
CVE-2005-3388 PHP phpinfo() XSS attack
Last modified: 2007-11-30 17:11:17 EST
+++ This bug was initially created as a clone of Bug #172212 +++
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
This issue should also affect FC3
Fixed in Raw Hide with update to 5.1.1.