Description

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.

Remediation

References

CVE-2007-1835

Related Vulnerabilities

MySQL Other Vulnerability (CVE-2003-0073)

WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-3187)

WordPress Plugin myEASYbackup 'dwn_file' Parameter Directory Traversal (1.0.8.1)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)

Severity

Medium

Classification

CVE-2007-1835

Tags

Missing Update Known Vulnerabilities