Description

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

Remediation

References

CVE-2007-1700

Related Vulnerabilities

WordPress 3.5.1 Multiple Vulnerabilities (2.0 - 3.5.1)

WordPress Plugin jQuery Mega Menu Widget 'skin' Parameter Local File Include (1.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0792)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317)

phpMyAdmin Other Vulnerability (CVE-2007-0095)

Severity

High

Classification

CVE-2007-1700

Tags

Missing Update Known Vulnerabilities