PT-2007-4952 · Ellislab · Codeigniter

Lukasz Pilorz

Publicado

2007-07-11

Atualizado

2018-10-15

CVE-2007-3706

CVSS v2.0

2.1

Baixa

Vetor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions CodeIgniter version 1.5.3

Description The issue in CodeIgniter allows remote attackers to unset arbitrary global variables. This is demonstrated by a SERVER cookie, which can have an unspecified impact.

Recommendations For CodeIgniter version 1.5.3, update to a version released after 20070628 to resolve the issue. As a temporary workaround, consider restricting access to the sanitize globals function until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-3706

Produtos afetados

Codeigniter

PT-2007-4952 · Ellislab · Codeigniter

CVE-2007-3706

Identificadores relacionados

Produtos afetados

Referências · 7