Description

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Remediation

References

CVE-2007-4652

Related Vulnerabilities

Plone CMS CVE-2012-5503 Vulnerability (CVE-2012-5503)

WordPress Plugin Shariff Wrapper Local File Inclusion (4.6.13)

WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.46.7212)

WordPress 4.3.x Prototype Pollution (4.3 - 4.3.27)

SugarCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-35810)

Severity

Medium

Classification

CVE-2007-4652 CWE-59

Tags

Missing Update Known Vulnerabilities