CVE-2005-3388

CVE Database · CVE-2005-3388

CVE-2005-3388

· N/AModified

CVSS v3.1

N/A

EPSS

48.89%

Published

Nov 1, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBPHP 4.x - PHPInfo Cross-Site Scripting TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

Affected Products (48)

php · phpvulnerable

php · php

References (20)

http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522

http://rhn.redhat.com/errata/RHSA-2006-0549.html

http://secunia.com/advisories/17371

PatchVendor Advisory

http://secunia.com/advisories/17490

http://secunia.com/advisories/17510

http://secunia.com/advisories/17531

http://secunia.com/advisories/17557

http://secunia.com/advisories/17559

http://secunia.com/advisories/18198

http://secunia.com/advisories/18669

http://secunia.com/advisories/21252

http://secunia.com/advisories/22691

KEV Catalog EPSS Scores Vendors All CVEs