Phase:php.cgi allows attackers to read any file on the system.
ReferencesXF:http-cgi-phpfileread
Votes:Proposed (Wednesday, June 23, 1999)
Comments: ACCEPT(5) Frech, Collins, Prosser, Northcutt, Baker | NOOP(1) Christey
F7: Prosser> additional source | AUSCERT External Security Bulletin ESB-97.047 | http://www.auscert.org.au | Christey> ADDREF BUGTRAQ:19970416 Update on PHP/FI hole | URL:http://www.dataguard.no/bugtraq/1997_2/0069.html | The attacker specifies the filename as an argument to the | program. | Add "PHP/FI" to description to facilitate search. | AUSCERT URL is ftp://ftp.auscert.org.au/pub/auscert/ESB/ESB-97.047 | Christey> Consider adding BID:2250