Description

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

Remediation

References

CVE-2007-0905

Related Vulnerabilities

b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5553)

MySQL CVE-2018-3174 Vulnerability (CVE-2018-3174)

WordPress Plugin WP Server Health Stats Malicious Code (1.7.6)

Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7561)

WordPress Plugin Easy Google Map Cross-Site Scripting (1.1.4)

Severity

High

Classification

CVE-2007-0905

Tags

Missing Update Known Vulnerabilities