{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T13:37:37.129","vulnerabilities":[{"cve":{"id":"CVE-2004-1020","sourceIdentifier":"cve@mitre.org","published":"2005-01-10T05:00:00.000","lastModified":"2026-06-16T22:06:52.150","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism.  NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute.  This candidate may change significantly in the future as a result of further discussion."},{"lang":"es","value":"** RECHAZADA ** NO USE ESTE NÚMERO DE CANDIDATA."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"57B71BB7-5239-4860-9100-8CABC3992D8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"72BD447A-4EED-482C-8F61-48FAD4FCF8BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"B3F9DF9D-15E5-4387-ABE3-A7583331A928"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"11579E5C-D7CF-46EE-B015-5F4185C174E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"0F9D7662-A5B6-41D0-B6A1-E5ABC5ABA47F"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E3797AB5-9E49-4251-A212-B6E5D9996764"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"D61D9CE9-F7A3-4F52-9D4E-B2473804ECB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7007E77F-60EF-44D8-9676-15B59DF1325F"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"17437AED-816A-4CCF-96DE-8C3D0CC8DB2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"74E7AE59-1CB0-4300-BBE0-109F909789EF"}]}]}],"references":[{"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915","source":"cve@mitre.org"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2004:151","source":"cve@mitre.org"},{"url":"http://www.php.net/release_4_3_10.php","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/advisories/9028","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/384663","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/11981","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18516","source":"cve@mitre.org"},{"url":"http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2004:151","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.php.net/release_4_3_10.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/advisories/9028","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/384663","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/11981","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/18516","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Red Hat","comment":"Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed.  There are no known uses of this function which could allow a remote attacker to execute arbitrary code.","lastModified":"2007-08-26T00:00:00"}]}}]}