Description

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.

Remediation

References

CVE-2007-5899

Related Vulnerabilities

Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-1621)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13828)

Drupal Core 6.x Multiple Cross-Site Scripting Vulnerabilities (6.0)

WordPress Plugin Search & Replace SQL Injection (3.2.1)

Oracle HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-22720)

Severity

Medium

Classification

CVE-2007-5899 CWE-200

Tags

Missing Update Known Vulnerabilities