Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652)

Description

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.

Remediation

References

Related Vulnerabilities

WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Scripting (4.7.1)

Drupal Incorrect Authorization Vulnerability (CVE-2011-2726)

WordPress Plugin Hellodialog Unspecified Vulnerability (1.0.2)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1318)

WordPress Plugin Verification Code for Comments Multiple Cross-Site Scripting Vulnerabilities (2.1.0)

Severity

Medium

Classification

CVE-2007-4652 CWE-59

Tags

Missing Update Known Vulnerabilities