Description

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

Remediation

References

CVE-2007-1835

Related Vulnerabilities

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)

Oracle Database Server CVE-2013-3771 Vulnerability (CVE-2013-3771)

Drupal CVE-2014-9016 Vulnerability (CVE-2014-9016)

WordPress Plugin Viral Quiz Maker-OnionBuzz SQL Injection (1.2.1)

phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-1753)

Severity

Medium

Classification

CVE-2007-1835

Tags

Missing Update Known Vulnerabilities