PT-2006-5234 · Php · Php

Stefan Esser · Published 2006-08-28 · Updated 2018-10-30 · CVE-2006-4433

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

PHP versions prior to 4.4.3
PHP versions 5.x prior to 5.1.4

Description

The issue allows remote attackers to potentially exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file, because the character set of the session identifier is not limited for third-party session handlers.

Recommendations

For PHP versions prior to 4.4.3, update to version 4.4.3 or later. For PHP versions 5.x prior to 5.1.4, update to version 5.1.4 or later.
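
In addition to upgrading, a custom session handler can enforce the identifier character set itself. The wrapper below is an added example, not code from PHP or from this advisory; it assumes PHP 8.0 or later, uses the alphabet accepted by PHP's built-in "files" handler, and the class name, the 128-character cap and the sample ids are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: decorates any SessionHandlerInterface and fails closed
// when the session id contains characters outside an allowlist.
final class StrictIdSessionHandler implements SessionHandlerInterface
{
    // a-z, A-Z, 0-9, ',' and '-' (alphabet of the built-in "files" handler).
    // \A...\z instead of ^...$ so an id with a trailing newline is rejected.
    // The 128-character cap is an assumption, not a PHP constant.
    private const VALID_ID = '/\A[A-Za-z0-9,-]{1,128}\z/';

    public function __construct(private SessionHandlerInterface $inner) {}

    public static function isValidId(string $id): bool
    {
        return preg_match(self::VALID_ID, $id) === 1;
    }

    public function open(string $path, string $name): bool { return $this->inner->open($path, $name); }
    public function close(): bool { return $this->inner->close(); }
    public function gc(int $max_lifetime): int|false { return $this->inner->gc($max_lifetime); }

    // The id is checked before it ever reaches the wrapped storage backend.
    public function read(string $id): string|false
    {
        return self::isValidId($id) ? $this->inner->read($id) : false;
    }

    public function write(string $id, string $data): bool
    {
        return self::isValidId($id) && $this->inner->write($id, $data);
    }

    public function destroy(string $id): bool
    {
        return self::isValidId($id) && $this->inner->destroy($id);
    }
}

// Registration, where $thirdParty is a hypothetical third-party handler:
//   session_set_save_handler(new StrictIdSessionHandler($thirdParty), true);

// Constructed sample ids showing which values the allowlist accepts.
$samples = ['9f2c1ab04d7e,55-aa', 'abc<?php ?>', '../../tmp/x', "abc123\n", ''];
foreach ($samples as $id) {
    printf("%-22s %s\n", json_encode($id), StrictIdSessionHandler::isValidId($id) ? 'accepted' : 'rejected');
}
```

Only the first sample is accepted; the others contain characters outside the allowlist or are empty.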


Related identifiers

CVE-2006-4433

Affected products

Php