Description
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot).
Remediation
References