Description

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

Remediation

References

CVE-2007-1835

Related Vulnerabilities

MySQL CVE-2022-21321 Vulnerability (CVE-2022-21321)

OpenSSL Out-of-bounds Write Vulnerability (CVE-2022-2274)

WordPress Plugin BA Book Everything Cross-Site Scripting (1.3.24)

MySQL CVE-2015-4772 Vulnerability (CVE-2015-4772)

Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42122)

Severity

Medium

Classification

CVE-2007-1835

Tags

Missing Update Known Vulnerabilities