Description

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Remediation

References

CVE-2007-4652

Related Vulnerabilities

Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.11)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)

WordPress Plugin Internal Links Manager Unspecified Vulnerability (2.0.1)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3634)

Severity

Medium

Classification

CVE-2007-4652 CWE-59

Tags

Missing Update Known Vulnerabilities