VDB

RHSA-2005%3A838

RHSA-2005%3A838 PUBLISHED CVSS 9.300000190734863 CRITICAL

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Risk Scores

CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
Red HatRed Hat Enterprise Linux WS version 2.1
Red HatRed Hat Enterprise Linux AS (Advanced Server) version 2.1
Red HatRed Hat Enterprise Linux ES version 2.1
Red HatRed Hat Linux Advanced Workstation 2.1

Timeline

  • Nov 10, 2005 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Distribution Patch
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
  • Apr 24, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›