/techtags/language.php/ Recent content in Language.PHP on ZAP Hugo en-us /docs/alerts/20018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20018/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.</p> /docs/alerts/90019-2/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-2/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> /docs/alerts/90019-1/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/90019-1/ <p>A code injection may be possible including custom code that will be evaluated by the scripting engine.</p> /docs/alerts/20017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20017/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.</p>