Description
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when the session save path (session.save_path) is empty, fall back to the TMPDIR default after the restrictions have already been checked, which allows local users to bypass open_basedir restrictions.
Remediation
References