Vulnerabilities > PHP > PHP > 4.0

DATE CVE VULNERABILITY TITLE RISK
2001-03-12 CVE-2001-0108 PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
network
low complexity
php mandrakesoft
5.0
5.0
2001-01-12 CVE-2001-1385 The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
network
low complexity
php mandrakesoft
5.0
5.0
2000-12-19 CVE-2000-0967 Unspecified vulnerability in PHP 3.0/4.0
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
network
low complexity
php
critical
 10.0
10
2000-11-14 CVE-2000-0860 Unspecified vulnerability in PHP
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
network
low complexity
php
5.0
5.0