CVE-2006-4432

Name of the Vulnerable Software and Affected Versions Zend Platform versions 2.2.1 and earlier

Description A directory traversal issue allows remote attackers to overwrite arbitrary files by using a .. (dot dot) sequence in the final component of the PHPSESSID variable. This issue can potentially be used to perform direct static code injection.

Recommendations For Zend Platform versions 2.2.1 and earlier, update to a version that fixes this issue to prevent directory traversal and potential code injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.