Main Vulnerability Database Exploits ID:11514 - Exploit for Input validation error in PHP - CVE-2004-1020

ID:11514 - Exploit for Input validation error in PHP - CVE-2004-1020

Published: June 9, 2025

Vulnerability identifier: #VU110514

Vulnerability risk: Medium

CVE-ID: CVE-2004-1020

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://www.exploit-db.com/exploits/24985/

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

Remediation

Install update from vendor's website.

ID:11514 - Exploit for Input validation error in PHP - CVE-2004-1020

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human