CVE-2002-2029

PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.

Date published : 2005-07-14

http://www.securityfocus.com/bid/3786

http://www.securiteam.com/windowsntfocus/5ZP030U60U.html