Description
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals. This allows context-dependent attackers to execute arbitrary code via a crafted string in a session_register call made after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.
Related Vulnerabilities
Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4104)
WordPress Other Vulnerability (CVE-2005-2107)
WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Security Bypass (2.1.5)