Computer Security
[EN] no-pyccku

PHP session.save_path open_basedir protection bypass
SecurityVulns ID:7513
Threat Level:
Description:It's possible to create file in any directory by using environment variables.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.)
Original documentdocumentPHP-SECURITY, MOPB-36-2007:PHP session.save_path open_basedir Bypass Vulnerability (31.03.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod