Description

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

Remediation

References

CVE-2007-1700

Related Vulnerabilities

Adminer 4.6.2 file disclosure vulnerability

WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.101)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21358)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.1)

MySQL CVE-2020-14760 Vulnerability (CVE-2020-14760)

Severity

High

Classification

CVE-2007-1700

Tags

Missing Update Known Vulnerabilities