|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #18553 phpinfo() allows cross-site scripting
Submitted: 2002-07-24 20:52 UTC Modified: 2002-07-25 04:32 UTC
From: olegpro at operamail dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 4.2.2 OS: Win'2k
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: olegpro at operamail dot com
New email:
PHP Version: OS:


 [2002-07-24 20:52 UTC] olegpro at operamail dot com

phpinfo() is vulnerable to cross-site scripting.
printing of _SERVER["argv"] of is vulnerable.

// phpinfo.php

http://localhost/phpinfo.php?z=<SCRIPT>alert('Hello world!');</SCRIPT>


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-07-25 04:32 UTC]
Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit

Thank you for your interest in PHP.
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Wed Jul 06 17:05:44 2022 UTC