PHP session.save_path open_basedir protection bypass
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
PHP session.save_path open_basedir protection bypass
Published:
31.03.2007
Source:
BUGTRAQ
SecurityVulns ID:
7513
Type:
library
Level:
5
/10
Description:
It's possible to create file in any directory by using environment variables.
Affected:
PHP
:
PHP 4.4
PHP
:
PHP 5.2
CVE:
CVE-2007-1835
(PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.)
Original document
PHP-SECURITY
,
MOPB-36-2007:PHP session.save_path open_basedir Bypass Vulnerability
(
31.03.2007
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Nizhny Novgorod
Enter your search terms
Web
securityvulns.com
Submit search form
test server
